The UK group "Computer Terrorism" released a proof-of-concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).
We are not sure if parameters can be passed to the executable. If so, the issue would be much more severe.
Please monitor this diary for updates.
Nov 21st 2005