First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that have occurred. tl;dr version is something like this: Michal Zalewski writes a DOM fuzzer, fuzzes IE, finds flaws, Chinese dudes […]
Ah Microsoft is treating this one seriously after France and Germany advised users to avoid IE. The current strain being exploited only targets IE6 users, but one security company has developed an exploit for IE8 which also bypasses DEP (Data Execution Prevention). It was rumoured this was the exploit used last week to compromise Google […]
Tags: crc-16, data execution prevention, dep, exploit, hacking-IE, ie 0day, IE-exploit, IE-security, IE-vulnerability, internet explorer security, internet explorer vulnerability, internet explorere 0day, internet-explorer-exploit, microsoft, microsoft patch tuesday, microsoft security, oob patch, out of band patch, vulnerability
Posted in: General Hacking | Add a Comment
Our Polish friend and expert security researcher, Michal Zalewski (lcamtuf), known for his endless stream of vulnerabilities in all manners of software, has struck again. This time with some pretty serious flaws in both Internet Exploder Explorer and Firefox. This time it’s 4, 2 in IE and 2 in Firefox. The first which effects fully […]
