Showing 1 - 5 of 5

Files from Sam Thomas

Zero Day Initiative Advisory 08-050: Posted Aug 13, 2008; Authored by Tipping Point, Sam Thomas | Site zerodayinitiative.com; A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended in a specific order, memory corruption occurs. Successful exploitation leads to remote compromise of the affected system under the credentials of the currently logged in user.; tags | advisory, remote, arbitrary; advisories | CVE-2008-2257; SHA-256 | ea35c3bea9256f849954229fe44ff2775d4c804fb8b8f1be7b41cb58bbb88f01; Download | Favorite | View

Zero Day Initiative Advisory 07-074: Posted Dec 12, 2007; Authored by Tipping Point, Sam Thomas | Site zerodayinitiative.com; A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists due to improper use of the "cloneNode" and "nodeValue" javascript functions. When a specially crafted element is used during a repetitive call to one of these functions memory corruption can occur leading to remote code execution. Affected versions are 6 and 7.; tags | advisory, remote, arbitrary, javascript, code execution; advisories | CVE-2007-3903; SHA-256 | 5b0265d2921e9d43ddba03b852a3eda5f1e765e427af5b5c99645f945bfa8589; Download | Favorite | View

Zero Day Initiative Advisory 06-027: Posted Aug 18, 2006; Authored by Tipping Point, Sam Thomas | Site zerodayinitiative.com; A vulnerability in Microsoft Internet Explorer allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper handling of CSS class values. Accessing a specially crafted CSS element via document.getElementByID causes a memory corruption eventually leading to code execution.; tags | advisory, arbitrary, code execution; advisories | CVE-2006-3450; SHA-256 | 57fb1dc0472d53d18e1e1b8b3ad21deb294e25b88cdbc8f2051142b0af1bbafb; Download | Favorite | View

Zero Day Initiative Advisory 06-026: Posted Aug 18, 2006; Authored by Tipping Point, Sam Thomas | Site zerodayinitiative.com; A vulnerability in Microsoft Internet Explorer allows arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when multiple "imports" are used on a "styleSheets" collection. Crafting a long chain of CSS imports in an HTML document results in a memory corruption eventually leading to code execution.; tags | advisory, arbitrary, code execution; advisories | CVE-2006-3451; SHA-256 | dac941decc7a45743d5845a19527090e075dfa85d406566b90b661b23341d886; Download | Favorite | View

yabbse-all.txt: Posted Jun 29, 2006; Authored by Sam Thomas; exploit for all versions of yabbse that retrieves any users password hash.; tags | exploit; SHA-256 | cfdfdf127220b379e824bae8db741a18c7b8280f69303c3c2a9034e52bf3565c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days