RE: Six Step IE Remote Compromise Cache Attack

From: Benjamin Franz (snowhare_at_nihongo.org)
Date: 11/05/03

    Date: Wed, 5 Nov 2003 14:49:42 -0800 (PST)
    To: Thor Larholm <thor@pivx.com>
    
    

    On Wed, 5 Nov 2003, Thor Larholm wrote:

    > This post raises an interesting question. Is our goal to find new
    > vulnerabilities and attack vectors to help secure users and critical
    > infrastructures, or is our goal to ease exploitation of existing
    > vulnerabilities?
    >
    > There are no new vulnerabilities or techniques highlighted in this
    > attack (which is what it is), just a combination of several already
    > known vulnerabilities. This is not a proof-of-concept designed to
    > highlight how a particular vulnerability works, but an exploit designed
    > specifically to compromise your machine. All a malicious viruswriter has
    > to do is exchange the EXE file.
    >
    > Believe me, I am all in for full disclosure and detailing every aspect
    > of a vulnerability to prevent future occurrences of similar threats, but
    > I don't particularly think that we should actively be trying to help
    > malicious persons.

    I have mixed emotions about this. On one side - why put millions of
    systems at risk to script kiddies? On the other side, as noted by the
    poster, one of these vulnerabilities has been known for more than _TWO
    YEARS_. Surely far more than enough time for MS to have actually _fixed_
    the problem if they intended to. MS seems (at least in some cases) to
    ignore security problems until someone publicly 'holds their feet to the
    fire' over them. I suspect this happens when the problem 'runs deep' in
    their code and will require more than fixing a boundary limit check and
    recompiling.

    -- 
    Benjamin Franz
    Gauss's law is always true, but it is not always useful.
        -- David J. Griffiths, "Introduction to Electrodynamics"
    
