[ISN] Metasploit releases IE attack, but it's unreliable

From: InfoSec News <alerts_at_private>
Date: Thu, 26 Nov 2009 07:36:32 -0600 (CST)
http://www.computerworld.com/s/article/9141485/Metasploit_releases_IE_attack_but_it_s_unreliable?taxonomyId=17

By Robert McMillan
IDG News Service
November 25, 2009

Developers of the open-source Metasploit penetration testing toolkit 
have released code that can compromise Microsoft's Internet Explorer 
browser, but the software is not as reliable as first thought.

The code exploits an Internet Explorer bug that was disclosed last 
Friday in a proof-of-concept attack posted to the Bugtraq mailing list. 
That first code was unreliable, but security experts worried that 
someone would soon develop a better version that would be adopted by 
cyber-criminals.

The original attack used a "heap-spray" technique to exploit the 
vulnerability in IE. But for a while Wednesday, it looked as though the 
Metasploit team had released a more reliable exploit.

They used a different technique to exploit the flaw, one pioneered by 
researchers Alexander Sotirov and Marc Dowd, but Metasploit eventually 
pulled its code.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Thu Nov 26 2009 - 05:36:32 PST

This archive was generated by hypermail 2.2.0 : Thu Nov 26 2009 - 05:50:27 PST