«
Expand/Collapse
45 items tagged "internet explorer 8"
Related tags:
txt [+],
denial of service [+],
code execution [+],
vulnerability [+],
css [+],
zero day [+],
zero [+],
xss [+],
violation exception [+],
site [+],
service vulnerability [+],
operands [+],
mozilla firefox [+],
mozilla [+],
memory address [+],
internet explorer versions [+],
internet explorer 5 [+],
firefox [+],
developer tools [+],
day [+],
cross site scripting [+],
application [+],
pointer [+],
poc [+],
paypal [+],
img tag [+],
ie8 [+],
hijack [+],
forcedtweet [+],
exploits [+],
denial [+],
cross [+],
arbitrary web [+],
internet [+],
explorer [+],
microsoft [+],
usa [+],
unix servers [+],
scripting [+],
safer use [+],
persistent [+],
opera browsers [+],
nicolas waisman [+],
nico waisman [+],
multitudinous [+],
information disclosure vulnerability [+],
hijacking [+],
explorer 6 internet [+],
exploitation [+],
eduardo vela [+],
document viewers [+],
dll [+],
david lindsay [+],
crossdomain [+],
bugtraq [+],
aurora [+],
aleatory [+],
address [+]
-
-
8:09
»
Packet Storm Security Exploits
This is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.
-
8:09
»
Packet Storm Security Recent Files
This is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.
-
8:09
»
Packet Storm Security Misc. Files
This is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.
-
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:51
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. When parsing one of the operands of a method, the application will pass the argument straight to a method that will use the variant as an index. Due to bypassing the argument check, an aggressor can set the index to point to data outside the bounds of the array. This can lead to code execution under the context of the application.
-
16:51
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. When parsing one of the operands of a method, the application will pass the argument straight to a method that will use the variant as an index. Due to bypassing the argument check, an aggressor can set the index to point to data outside the bounds of the array. This can lead to code execution under the context of the application.
-
16:51
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. When parsing one of the operands of a method, the application will pass the argument straight to a method that will use the variant as an index. Due to bypassing the argument check, an aggressor can set the index to point to data outside the bounds of the array. This can lead to code execution under the context of the application.
-
-
13:12
»
SecDocs
Authors:
Nicolas Waisman Tags:
exploiting Event:
Black Hat USA 2010 Abstract: Over the years, exploitation objectives have changed alongside the associated efforts by vendors to protect their software. Exploitation has moved from remote exploits on Unix servers to the community focusing on client-side targets, such as document viewers and browsers. Some prime examples of these are the Aurora and IE peers zero-days actively exploited in the wild. These bugs answer many questions related to what the new breed of attacker is focusing on, yet all hype aside the real lesson is: botnet authors are learning how to fuzz for these vulnerabilities but are not able to write reliable exploits to accompany them. With that premise in mind, this presentation intends to explore the techniques used to exploit the "use-after-free" bug class on Internet Explorer 8, diving into the API internals, reviewing the art of heap crafting and presenting new techniques to improve it.
-
-
7:15
»
Packet Storm Security Exploits
Mozilla Firefox version 5.0 and Microsoft Internet Explorer version 8.0 suffers from an access violation exception issue that causes a denial of service condition. This is an old issue that still affects newer browsers.
-
7:15
»
Packet Storm Security Recent Files
Mozilla Firefox version 5.0 and Microsoft Internet Explorer version 8.0 suffers from an access violation exception issue that causes a denial of service condition. This is an old issue that still affects newer browsers.
-
7:15
»
Packet Storm Security Misc. Files
Mozilla Firefox version 5.0 and Microsoft Internet Explorer version 8.0 suffers from an access violation exception issue that causes a denial of service condition. This is an old issue that still affects newer browsers.
-
-
23:00
»
Packet Storm Security Recent Files
Paypal.com suffers from header injection and cross site scripting vulnerabilities. The cross site scripting works against Chrome and Safari but not Internet Explorer 8.
-
23:00
»
Packet Storm Security Exploits
Paypal.com suffers from header injection and cross site scripting vulnerabilities. The cross site scripting works against Chrome and Safari but not Internet Explorer 8.
-
-
22:01
»
Packet Storm Security Exploits
Microsoft Internet Explorer 8 suffers from a CSS cross-domain information disclosure vulnerability.
-
17:00
»
Packet Storm Security Advisories
Microsoft Internet Explorer 8 suffers from a vulnerability that allows an arbitrary web site the ability to force a victim to make tweets.
-
-
5:44
»
SecDocs
Authors:
Eduardo Vela Nava David Lindsay Tags:
Internet Explorer XSS Event:
Black Hat EU 2010 Abstract: Internet Explorer 8 has built in cross-site scripting (XSS) detection and prevention filters. We will explore the details of how the filters detect attacks, the neutering method, and discuss the filters' general strengths and weaknesses. We will demonstrate several ways in which the filters can be abused (not just bypassed) in order to enable XSS on sites that would not otherwise be vulnerable. We will then show how this vulnerability makes most every major website vulnerable to XSS in affected versions of Internet Explorer 8.
-
-
15:00
»
Packet Storm Security Advisories
Denial of service vulnerabilities exist in the Mozilla Firefox, Internet Explorer 6, Internet Explorer 8, Google Chrome, and Opera browsers.
-
-
21:00
»
Packet Storm Security Exploits
This Metasploit module exploits a use-after-free vulnerability within the DTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the iepeers vulnerability. The name comes from Microsoft's suggested workaround to block access to the iepeers.dll file. According to Nico Waisman, The bug itself is when trying to persist an object using the setAttribute, which end up calling VariantChangeTypeEx with both the source and the destination being the same variant. So if you send as a variant an IDISPATCH the algorythm will try to do a VariantClear of the destination before using it. This will end up on a call to PlainRelease which decref the reference and clean the object. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.
-
-
19:00
»
Packet Storm Security Recent Files
This Metasploit module exploits a use-after-free vulnerability within iepeers.dll of Microsoft Internet Explorer versions 6 and 7. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.
-
19:00
»
Packet Storm Security Exploits
This Metasploit module exploits a use-after-free vulnerability within iepeers.dll of Microsoft Internet Explorer versions 6 and 7. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution