Anatomy of an MS08-078 exploit, part 1

Oftentimes I'm asked what actually happens to a system when the browser is exposed to a modern web exploit. By "web exploit", I'm referring to the type of exploit where your browser need only visit a site - no user interaction (like opening a file) is necessary. I thought it might be interesting to take a look at a real-world implementation of the new IE exploit (MS08-078) to see what the payload was. I'm going to break this up into two posts just because of the size of the screenshots.
