Zero Day IE Exploit?

Someone would have to pay me to use NAV, enough to buy another pc to put NOD32 on.

I'm not saying it doesn't detect viruses, but there are plenty of (good) reasons for me not to use it.

 

Nice job De Hollander. Thanks

 

Well, I think we are actually protected.
That page is just for testing but it doesn't contain a real exploit. Did something happened to your PC besides IE crashing?

If the malware will be posted on another website by a hacker having some other "options" to hack you NOD will detect it. (Hmm..something tells me I was not clear enough )

 

Nope nothing happended, and nothing happended with NOD either.. It was dead as a cold beef or something.

 

that's cool...working in underground.

 

Bah! you! bah!

 

Still true

 

I hope you're not going to blame NOD32 whenever IE crashes from now on.

 

I don't use IE, so that's probably a no.
But it would suck if I did ..

 

Back when I used it, seems like something was always happening to it.

 

Well now I just think they are just super slow.
Crashing my crap is not acceptable. Period.

 

Up until Firefox 1.5 was released, there was a javascript exploit that could crash Firefox every time if you let it continue to load the page long enough (you could not stop it through Firefox unless javascript was disabled before starting to load the page).

AFAIK, there was no way to execute code via the aforementioned Gecko vulnerability.

 

so good to know that nod32 is protecting against this.
I just test it with nod32 and it works just fine.

 

No prob...

But, i still have a question

Was this a FP or a real virus....(TextRange[1].htm)

 

now all will know the truth

 

...are the users of Nod32 unprotected, yes or no

Thank You.

 

I don,t know but certainly an exploit. Anyone can explain?

 

Could be that NOD is detecting real exploits, not the test versions?

 

Wow, what software is that saying "deteced" anyway

 

what i don't understand is why no1 from eset show here and clarified this

 

Since your sample has probably very high priority, I would recommend you to send it to support@nod32.com or servis@eset.sk

 

I did, yesterday evening 19:12 local time. (Amsterdam) at samples@nod32.com Subject: Sample
The file was encrypted (rar) with a password. "infected"
But I will send it again right now, to support@nod32.com, with a link to this thread.

 

The latest definitions actively block the crash and the exploit.

*******End of story*****

 

Yes, we all know the truth now.

 

Viewing the page, and IMON alerts..... JS/MBork.A trojan

Scanning...TextRange[1].htm...and no alerts from Nod.
IE6 SP2 , gives a alert and blocks the full viewing of the file.