等待发布中,已经投到webzine, 可以直接在www.ph4nt0m.org找到。等那边出来这里就会同步放出了。
阅读全文
搜索此博客
2008年3月9日星期日
2008年3月7日星期五
ms08-010记录
CVE-2008-0077
From idefense:
When certain properties are assigned malformed values, memory can be corrupted in a way that leads to Internet Explorer making a call to a member function of an already released property object. If the memory location of the released property object happens to be filled by attacker controlled content, the attacker can execute arbitrary code.
From ZDI:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the handling of the "by" property of an animateMotion SVG element. By assigning other DOM elements to this property, a memory corruption occurs during the destruction of a Variant data type. The corruption causes an overwrite of a virtual function address allowing for the execution of arbitrary code.
阅读全文