Thank you @_larry0! Anyone else have their #myfavoritevuln?
#VulnLife #StickerLife #InfoSec https://twitter.com/_larry0/status/1189707301923504128 …
-
IE doesn't honor the killbit https://www.kb.cert.org/vuls/id/998297/ By putting curly braces {} around the CLSID for an ActiveX control in HTML, IE will ignore whether a killbit has been set for the control. So any attacker can run any disabled/vulnerable ActiveX. I found this one by accident.
-
Objection your honor. You chose this one over the one that got you 1,200+ CVE assignments, and would have gotten you 20,000 more if MITRE hadn't have waffled?!
-
This thread brought a slight tear to my eyes, it was like suddenly seeing the ballad of greatest exploit hits bounce across the screen. I have used so many of these bugs (except the LNK one. That was Israel's contribution to StuxNet.)
-
@hackerfantastic you mean something like this??? Waiting for this album to drop @attritionorg #VulnLife #StickerLife #infosec pic.twitter.com/y0ia5mAvur
-
SetAbortProc was a good one. The root shell on the G1 launch was a particularly memorable blunder
Reading Derek Soeder's eEye advisories got me interested in NT internals, e.g. https://seclists.org/fulldisclosure/2004/Oct/404 …
-
I was going to suggest your NT one too (CVE-2010-0232 is it I think)
-
... And party foul, invoking "Steve Gibson" in a thread about vulnerability research. =) digging into this, scary how many VDB references go 404 over the years... more 404 than valid these days. but, one is a Krebs article from 2005.
-
Trivia: the LNK problem was not fixed correctly in 2010 too.