# Wednesday, 13 April 2011
« MIX11 | Main | MS11-028 Vulnerability Details »
MS11-028 Vulnerability Details

Next week I will post the details of the bug fixed in MS11-028 released yesterday.

I did not discover this vulnerability, but in Februari I did find a public bug report that contains enough information to write an exploit and I contacted the Microsoft Security Response Center and they replied:

“Thank you for contacting us with this. We are aware of the issue you are reporting and since the issue is public I can not comment on the issue or the status of the investigation except to say that we are aware and investigating.“

The bug was originally reported in August of last year.

After I saw the bug report it took me about 15 minutes to write a proof of concept exploit.

Wednesday, 13 April 2011 23:21:33 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]
Name
E-mail
Home page

I apologize for the lameness of this, but the comment spam was driving me nuts. In order to be able to post a comment, you need to answer a simple question. Hopefully this question is easy enough not to annoy serious commenters, but hard enough to keep the spammers away.

Anti-Spam Question: What method on java.lang.System returns an object's original hashcode (i.e. the one that would be returned by java.lang.Object.hashCode() if it wasn't overridden)? (case is significant)

Answer:  
Comment (HTML not allowed)  

Live Comment Preview