I recently found on securityfocus mailinglist a bug in IE which can be exploited with a simple javascript code to spoof the address bar location… This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites). The vulnerability has been confirmed on a fully patched system […]
Internet Storm Center’s always informative Diary has some good information. At the urging of Handler Extraordinaire Kyle Haugsness, I tested the sploit on a box with software-based DEP and DropMyRights… here are the results: Software-based DEP protecting core Windows programs: sploit worked Software-based DEP protecting all programs: sploit worked DropMyRights, config’ed to allow IE to […]
Is it ethical or even legal to charge for other peoples work? As far as I know France seems have some pretty strong (and weird) copyright laws. And yes, they are blaming French Laws prohibiting full disclosure. In conformity with applicable French laws prohibiting Full-disclosure, the FrSIRT will no longer distribute exploits and PoCs on […]
