[Dshield] Exploit for IE vulnerability (MS05-038) appears sameday as patch

Roger A. Grimes roger at banneretcs.com
Wed Aug 10 05:34:30 GMT 2005


Well, since at least one known vendor (eEye) publicly said they reversed
engineered one of the patches in 1-hour after looking at the patch for
the first time, why believe otherwise? It's not impossible simply
because you can't do it.

Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Computer Security
Consultant 
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger at banneretcs.com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by
O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of
Valdis.Kletnieks at vt.edu
Sent: Tuesday, August 09, 2005 11:46 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Exploit for IE vulnerability (MS05-038) appears
sameday as patch

Does anybody outside Microsoft's PR department *really* believe these
exploits are reverse-engineered from the patch?  I suspect we're going
to see a lot of PoC's coming in for a landing now that a patch is
available, reducing the 0-day's effectiveness...



More information about the list mailing list