With the release of the latest Internet Explorer 0day exploit, I was eager to get an environment up to test it out.
I decided to test out two environments.
1) Windows 7 fully patched with the latest Java version and IE9
2) Windows XP SP3 fully patched without Java and IE8
My testing proved unsuccessful against the configuration (1) above. I was very successful in crashing IE 9, but was not able to exploit it at all. I would have to do some more analysis with this, but a quick google search reveals that I am not alone in this finding. I think that scope of this 0day might have been exaggerated a bit. I did not spend a ton of time on this, but I did try of couple of different configurations.
Configuration (2) above, however, did not fair so well. IE8 still seems to be in use at about 20% of all browsers (and probably 90% of all corporate browsers). I think given those facts, this is still a pretty important 0day.
No comments:
Post a Comment