Comments for Exodus Intelligence

Comment on Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792 by Get Latest News Around The World

Get Latest News Around The World — Fri, 01 Feb 2013 15:40:17 +0000

[...] Source: http://blog.exodusintel.com/2013/01/04/bypassing-microsofts-internet-explorer-0day-fix-it-patch-for-… [...]

Comment on About Exodus by Brian Ortiz

Brian Ortiz — Wed, 16 Jan 2013 08:42:03 +0000

Please send me a link or site i can accwess more on this topic

Comment on Happy New Year Analysis of CVE-2012-4792 by chris

chris — Tue, 15 Jan 2013 23:38:52 +0000

Excellent article, keep on doing such quality work !
I really love the HTML+TIME trick :-)

Comment on Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792 by Microsoft repariert ältere IE-Versionen außerhalb des Patch-Day - ComputerBase

Microsoft repariert ältere IE-Versionen außerhalb des Patch-Day - ComputerBase — Mon, 14 Jan 2013 20:33:54 +0000

[...] für diese Lücke bereitgestellt. Nach bereits wenigen Tagen wurde jedoch bekannt, dass sich der Fix umgehen lässt. Jetzt hat Microsoft mit einem außerplanmäßigen Patch reagiert, der das Fix-it überflüssig [...]

Comment on DoS? Then Who Was Phone? by Weekendowa Lektura | Zaufana Trzecia Strona

Weekendowa Lektura | Zaufana Trzecia Strona — Sun, 13 Jan 2013 06:43:15 +0000

[...] Exodus Intelligence analizuje ciekawy błąd w Asterisku [...]

Comment on Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792 by SafeTI Blog – Windows: Update da Microsoft conserta falha grave no sistema

SafeTI Blog – Windows: Update da Microsoft conserta falha grave no sistema — Fri, 11 Jan 2013 14:55:39 +0000

[...] contra os ataques conhecidos na rede, bem como o módulo de exploração Metasploit. No entanto, a Exodus Intelligence descobriu que há outras maneiras de explorar as vulnerabilidades que não são corrigidas pela [...]

Comment on Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792 by Bug festif du premier janvier… et conséquences d’un abus de Fix-It - CNIS mag

Bug festif du premier janvier… et conséquences d’un abus de Fix-It - CNIS mag — Fri, 11 Jan 2013 09:22:41 +0000

[...] Tout commence par un très classique trou affectant Internet Explorer 6,7 et 8, immatriculé CVE-2012-4792. Un véritable ZDE exploitable à distance (et effectivement exploité) et qui affecterait essentiellement les éditions Chinoises et Anglaises du navigateur. Microsoft publie coup sur coup une alerte puis, le jour de la Saint Sylvestre, une mesure de contournement sous forme d’une macro « Fix-It »… en attendant qu’une véritable rustine soit développée. Cette mesure provisoire n’est hélas, estiment les chercheurs de la société Exodus, pas franchement efficace puisqu’il serait possible de la contourner. [...]

Comment on Happy New Year Analysis of CVE-2012-4792 by LolyRop

LolyRop — Thu, 10 Jan 2013 13:34:16 +0000

From what i see i don’t need to do this LFH trick (20 allocations) since after the CollectGarbage(); if i allocate the string it works.

is this done for more reliability ? or indeed this is useless and not needed ?

Comment on Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792 by IT Secure Site » Blog Archive » January 2013 Patch Tuesday

IT Secure Site » Blog Archive » January 2013 Patch Tuesday — Thu, 10 Jan 2013 07:00:07 +0000

[...] a famous attacks in a wild, and also counters a Metasploit module. However, as Exodus Intelligence pointed out over a weekend, there are other ways of triggering a disadvantage that have not been lonesome by a [...]

Comment on DoS? Then Who Was Phone? by Keegan McAllister

Keegan McAllister — Thu, 10 Jan 2013 02:20:51 +0000

Fantastic exploit and writeup! Thanks for taking the time to explain everything so well.

The general approach reminds me a bit of Jon Oberheide’s half-nelson.c, which involves colliding two Linux kernel stacks.

> I found it interesting that the code looks as though it may have been written with memory management issues in mind, as the check to ensure content_length is not zero would catch an integer overflow caused by adding one to the value.

I think they’re just checking that content_length got set within the for loop. At any rate, content_length is a signed int, so overflow behavior is undefined — of course, many developers don’t know this.