[Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable



Hello,

There has recently been some discussion regarding whether or not the
MSIE Nested Object Vulnerability reported by Michal Zalewski is
exploitable or not.

Link to Michal Zalewski Full-Disclosure Posting:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-
April/045422.html

Because of this, Secunia has received several enquiries and comments
about the "Highly critical" rating of this advisory (SA19762) as no
proof of exploitation has been publicly disclosed.

In response to this, we would like to stress that Secunia has developed
a working exploit for this vulnerability. This exploit will not be
disclosed publicly, but was sent to Microsoft on Wednesday 2006-04-26.
The advisory rating of "Highly critical" and "System access" impact is
therefore fully justified.

Kind regards,

Thomas Kristensen
CTO

Secunia
Hammerensgade 4, 2. floor
DK-1267 Copenhagen K
Denmark

Tlf.: +45 7020 5144
Fax: +45 7020 5145


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable
    ... A little update on the MSIE Nested Object vulnerability. ... During further investigation of the issue reported by Michal Zalewski ... Microsoft therefore treats this as a privately disclosed vulnerability, ... thus Secunia will not be releasing any further details before Microsoft ...
    (Full-Disclosure)
  • Re: [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable
    ... MSIE Nested Object Vulnerability reported by Michal Zalewski is ... proof of exploitation has been publicly disclosed. ... we would like to stress that Secunia has developed ... Secunia Originally Believed MZ's vulnerability disclosure _was_ ...
    (Full-Disclosure)
  • Secunia Research: Jetbox Multiple Vulnerabilities
    ... Secunia Research has discovered some vulnerabilities in Jetbox CMS, ... information via phpinfo or execution of arbitrary HTML and script code ... Successful exploitation may lead to execution of arbitrary PHP code by ...
    (Bugtraq)
  • [Full-disclosure] Secunia Research: Jetbox Multiple Vulnerabilities
    ... Secunia Research has discovered some vulnerabilities in Jetbox CMS, ... information via phpinfo or execution of arbitrary HTML and script code ... Successful exploitation may lead to execution of arbitrary PHP code by ...
    (Full-Disclosure)
  • Secunia Research: ATutor Multiple Vulnerabilities
    ... Description of Vulnerabilities ... attacks, disclose sensitive information, and compromise a vulnerable ... Successful exploitation requires that "register_globals" is enabled. ... Discovered by Andreas Sandblad, Secunia Research. ...
    (Bugtraq)