I should add that this exploit code only works with Win2KSp4 right now, but I'll presume that eventually they'll get it working at least on XPSP2.
Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED] ________________________________ From: Larry Seltzer Sent: Monday, April 14, 2008 5:34 PM To: [email protected] Subject: exploiting MS08-021 There's exploit code out (http://www.milw0rm.com/exploits/5442) for MS08-021 (http://www.microsoft.com/technet/security/Bulletin/MS08-021.mspx) which describes GDI buffer overflows in the loading of EMF and WMF files. There were other big problems in years past in the loading of these files. Can anyone recall if the defaults for IE were changed with respect to loading these files, perhaps from an IFRAME? Thanks. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [EMAIL PROTECTED]
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
