Wednesday, September 27, 2006

Month Of Browser Bugs

Hi folks,

In July, HD Moore ran his month of browser bugs, most of which were d0s and not code executers. It seems he's corrected one, and last night provided a working metasploit module that he says will allow remote code execution on fully patched systems running XP SP2. We have not yet been able to verify whether this actually works as advertised, but if it does, it will almost certainly find its way into the wild very quickly.

We added SocketShield sigs for all the Month Of Browser Bugs preemptively, so I expect that we'll find this one with little or no changes to the sigs.




At 10:12 PM, Blogger avivra said...

Just to let you know, you're SocketShield (well, at least the "trial version") does not detect exploitation of the .setSlice vulnerability using the Metasploit module.

Frankly, it also doesn't detect the exploitation of the VML vulnerability, again using the Metasploit module.

So, what's the difference between your security product and other signature based security products like Anti Viruses?


Post a Comment

<< Home