WebViewFolderIcon
One recent (or not so recent) web hack is the WebViewFolderIcon ActiveX attack. Basically it's a web browser attack that allows code to be executed after an integer buffer overflow. All a victim needs to do is visit a webpage that contains the code on the website (usually encoded in escape chars).
When this happens usually your IE browser crashes. By then it's already too late. Then it does the usual thing with stack access etc...
It works on ALL IE browser and is STILL not patched. GG M$. But a small caveat, AVG reported this particular one I have as a known exploit patched in MS04-011, an attack on the LSASS. Maybe AVG detected it wrong?
Anyway according to HD Moore's site, it still works.
Will post an update when I find out more...
When this happens usually your IE browser crashes. By then it's already too late. Then it does the usual thing with stack access etc...
It works on ALL IE browser and is STILL not patched. GG M$. But a small caveat, AVG reported this particular one I have as a known exploit patched in MS04-011, an attack on the LSASS. Maybe AVG detected it wrong?
Anyway according to HD Moore's site, it still works.
Will post an update when I find out more...
posted by Beng Hacks at 7:07 PM
1 Comments:
hey di eh. not bad ah, got my interest until i see your date. fwahahaha. if i see it earlier, then maybe can play with it. keep posting ah. me in obice sibei sian.
Post a Comment
<< Home