Francisco Amato of Infobyte Security Research just announced ISR-evilgrade v1.0.0, a toolkit for exploiting products which perform online updates in an insecure fashion. This tool works in conjunction with man-in-the-middle techniques (DNS, ARP, DHCP, etc) to exploit a wide variety applications. The demonstration video uses the CAU/Metasploit DNS exploit in conjunction with the Sun Java update mechanism to execute code on a fully patched Windows machine. For more information, see the README and slide deck. The first release includes exploits for Sun Java, Winzip, Winamp, Mac OS X, OpenOffice, iTunes, Linkedin Toolbar, DAP, Notepad++, and Speedbit
Category: tools
|
Posted by
Staff
116 days ago
Via: http://blog.metasploit.com |
Discuss
Staff
116 days ago
Via: http://blog.metasploit.com |
Discuss
Add this link to...
Bury
Best of Security is a consolidated resource for all kinds of security news and stories. Learn more...
Please update the link. I need mod dosevasive...I also need an updated link please...I also need an updated link if possible....Advisory of Workaround (by Xerox):
Xerox has released a...I recommend you update this post. Scott Charbo IS NOT and NEVER WAS under...Patched since v2.04
Hello - I am Jeff Hardy from SmarterTools.
The vulnerability...give me a new link for downloding this lib / .dll, please....
Xerox has released a...I recommend you update this post. Scott Charbo IS NOT and NEVER WAS under...Patched since v2.04
The vulnerability...give me a new link for downloding this lib / .dll, please....
Comments