Wednesday, September 20, 2006

VML 0-day

NOP, an exploit researcher over at XSEC, has just released a version of the VML 0-day that supposedly allows for code execution. If it does work as advertised, this will be big.



At 7:31 PM, Blogger Christian Seifert said...

I attempted to work with the public exploit posted, but it failed on various configurations:
- IE 5.5 on Win2K Professional -> browser spins and spins
- IE 6.0 SP1 on Win2K Professional -> browser closes
- IE 6.0 on WinXP -> browser crashes. Microsoft error reporting kicks in.

Which version did you confirm this with?



Post a Comment

<< Home