Wednesday, March 10, 2010

CVE-2010-0806 - Internet Explorer 6/7 0 day

Some notes about:

Internet Explorer 0-day targeted in spam runs

Targeted Internet Explorer 0day Attack Announced

Robtex queries for the Mcafee reported URLs:


hxxxp:// -

The following exploiter (retrieved from once of the URL posted by McAfee) use Base64 encoding for hiding resources:

This issue it's been detected in the "iepeers.dll". With a good ActiveX fuzzer may be trivial found more info (CLSID: 7E8BC44E-AEFF-11D1-89C2-00C04FB6BFC4). Dranzer seem good enough: try to check for more details.

Metasploit module:

Microsoft Internet Explorer iepeers.dll use-after-free exploit

Wednesday, March 3, 2010

Firefox 3.6.x - 0 day for document.write - yet another

from misc sources:

Bugzilla Mozilla Repository:

Misc Crash Stats for Mozilla projects:

"IE is not the only evil"

The Command Structure of the Aurora Botnet - Damballa paper

I just received the following link to a very nice analysis. IMHO, a clear example of how the analysis of this kind should be made. I will try to take it into account if I will write other analysis in the future.

The Command Structure of the Aurora Botnet