The UK group "Computer Terrorism" released a proof-of-concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).
We are not sure if parameters can be passed to the executable. If so, the issue would be much more severe.
Please monitor this diary for updates.
Nov 21st 2005