Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Exploit against MS07-033 being used in the wild

Published: 2007-06-23
Last Updated: 2007-06-23 15:29:36 UTC
by Kyle Haugsness (Version: 1)
0 comment(s)

The Symantec folks identified a website exploiting a bug from this months Microsoft patches, specifically the Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerability.  Here is the URL to their blog entry:

http://www.symantec.com/enterprise/security_response/weblog/2007/06/deepsight_honeynet_detects_obf.html

Apparently, the actual exploit is similar to the proof of concept code posted on a popular exploit site ten days ago.

Keywords:
0 comment(s)
Diary Archives