MemeStreams | MemeStreams Discussion

Create an Account

This page contains all of the posts and discussion on MemeStreams referencing the following web page: I got 0wned... (sort of) - Patch your browser if you haven't.. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

I got 0wned... (sort of) - Patch your browser if you haven't.
by Decius at 7:52 pm EST, Dec 14, 2005

This document serves as a reclassification advisory for the Microsoft Internet Explorer JavaScript Window() DoS vulnerability, originally reported on 31/05/2005.
Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user.

I was stumbling around on the web tonight and got hit with a malicious version of this. Fortunately I was running Firefox at the time, where the issue is merely a denial of service (at least as presently understood). Its a remote code execution problem in IE. The perps were trying to shovel adware onto my machine.

Figured I'd mention this here as a public service. People are definately out there exploiting this. Microsoft released patches yesterday. Patch your machine.

If you go to the linked site from a vulnerable host and click on the proof of concept it will launch a copy of calc.exe on your desktop.

RE: I got 0wned... (sort of) - Patch your browser if you haven't.
by Dagmar at 12:46 am EST, Dec 15, 2005

Decius wrote:
If you go to the linked site from a vulnerable host and click on the proof of concept it will launch a copy of calc.exe on your desktop.

Or you can just go to crackz.am and get a pretty much 0-day customized attack on your browser, and about 30-35 pieces of spyware within minutes.

Stop using IE.