A new exploit this weekend

Hi folks,

It looks like there's a new version of IcePack, and it's pretty interesting. As well as the venerable but trusty MDAC and SetSlice exploits that we've come to love and expect, it also contains some new stuff.

The newest, and most interesting, is a buffer overflow in a DirectX dll. The vulnerability was announced in August 2007, and is documented here http://www.kb.cert.org/vuls/id/466601. As far we have found, there is not yet a patch for it, which can make things .... interesting. The best mitigator is that the vulnerable DLL is probably not in standard XP or Vista, and therefore is probably not massively available as a target. The problem with that is that it's not clear what packages it _is_ included with, so if you're not running something like LinkScanner, there's an element of Russian Roulette here.

The next interesting thing is that it contains not one, but two yahoo IM exploits. One is a control stack buffer overflow for Yahoo! Widgets Plugin, also announced in August 2007, and the second is a Yahoo! Webcam exploit from June 2007.

Just to round things out it also contains...

VML - MS07-004
MDAC/RDS - MS06-014 (patched in April 2006, but this version works up until September 2006)
SetSlice
WinZip

oh, and a Firefox exploit that appears to be the venerable WMplayer exploit from a couple of years ago.

They tend to keep things that work, reasoning that they don't don't need to exploit every box on the internet ... just enough for them to make money, so the mix of old and new exploits is to be expected, but three new ones in one update is pretty impressive.

Cheers

Roger