###################################
Internet Explorer 6, 7 and 8 URL Validation Vulnerability
Vendor: http://www.Microsoft.com
Vendor notified: YES  Vendor confirmed: YES
REF Bulletin: MS10-002
#########################################
A remote code execution vulnerability exists in the way that Internet Explorer incorrectly validates input. An attacker could exploit the vulnerability by constructing a specially crafted URL. When a user clicks the URL, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see MS10-002 and CVE-2010-0027.
No more details at this time. I have a PoC, but at this moment it is private.
Timeline for this vulnerability:
Discovered: 05-11-2009
Reported to vendor: 15-11-2009
Vendor response: 15-11-2009
Vendor accepts in case manager: 19-11-2009
Vendor patch: 21-01-2010
#################€nd#############
Thnx to estrella for being my light
Thnx to icar0 & sha0 from Badchecksum
Thnx to Google Security Team for support
Thnx to MSRC for support
Sincerely:
Security Research & Analysis.
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what makes the mind move....
Thursday, January 21, 2010