Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mobb Project - One New Vulnerability Per Day


  • Please log in to reply
No replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:06:05 PM

Posted 10 July 2006 - 08:18 AM

Those of us in the IT security profession prefer the reporting of vulnerabilities and sharing of POC exploit code in a private manner with the vendor. While sharing these findings in a public forum may result in prompt accelerated actions by the vendors, these MoBB flaws could become new areas for spyware, virus, and worm development.

We are indeed seeing at least 1 per day and security firms like Secunia and FrSIRT may lag a little in testing and subsequently reporting these findings. The site below is worthwhile to monitor for continuing developments.

MoBB Project - Official Site to track developments
Please be careful and avoid any POC exploit code
http://browserfun.blogspot.com/

TEN VULNERABILITIES SO FAR
MoBB #10: Object.Microsoft.DXTFilter Enabled
MoBB #9: DirectAnimation.DAUserData Data
MoBB #8: RDS.DataControl URL
MoBB #7: Table.Frameset
MoBB #6: StructuredGraphicsControl SourceURL
MoBB #5: DHTML setAttributeNode()
MoBB #4: Mozilla Firefox DesignMode
MoBB #3: OutlookExpress.AddressBook
MoBB #2: Internet.HHCtrl Image Property
MoBB #1: ADODB.Recordset Filter Property

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users