Security Information Vulnerability Research Security Blog

New IE 0day as Part of Webattacker?

September 19th, 2006 by , Filed under: Commentary, Microsoft, Virus, Web

webattacker is a hacker kit for preparing a website to exploit users, infecting them. it has statistics on os, browser type, etc. as well as on how many got infected by what exploit, etc.

nick fitzgerald, roger thompson and now dan hubbard report that sites seen exploiting this 0day in-the-wild have previously been seen utilizing webattacker. if webattacker indeed uses this 0day… it will be spread far and wide.

no patch in sight. easy to exploit.

gadi evron,
ge@beyondsecurity.com.

Share
  • http://prozacville.com Prozacgod

    I’ve been confused about this 0day exploit, is this the same as the createTextRange() – or is this a different one ?

  • http://blogs.securiteam.com/index.php/archives/author/mattmurphy/ Matthew Murphy

    The createTextRange() “zero-day” issue was actually plugged awhile ago. These vulnerabilities come in a slow stream for Microsoft — one gets patched, another comes out… it goes quiet for a while, then the cycle starts again. The exploit for the newest zero-day (i.e., VML) is here:

    http://www.securiteam.com/exploits/5EP0L0AJPM.html

  • Share







  • Categories


Security RSS Subscribe