Just when I though it was save to once more use internet explorer I received an email bringing my attention to this webpage http://216.130.188.219/ei2/installer.htm that according to him used an exploit that affected fully patched internet explorer 6 browsers. Being rather skeptical I carelessly clicked on the link only to witness how it automatically installed addware on my pc!!! Now there had been reports about 0day exploits making rounds for quite some time like for instance this post http://www.securityfocus.com/archive/1/363338/2004-05-11/2004-05-17/0 However I hadn't seen any evidence to support this up until now Thor Larholm as usual added to the confusion by deliberately spreading disinformation as seen in this post http://seclists.org/lists/bugtraq/2004/May/0153.html Attributing it to and I quote "just one of the remaining IE vulnerabilities that are not yet patched" I?ve attempted to write up an analysis that will show that there are at least 2 new and AFAIK unpublished vulnerabilities (feel free to proof me wrong) out there in the wild, one being fairly sophisticated You can view it at: http://62.131.86.111/analysis.htm Additionally you can view a harmless demonstration of the vulnerabilities at http://62.131.86.111/security/idiots/repro/installer.htm Finally I also attached the source files to this message
Attachment:
exploit.zip
Description: Binary data