Virus Guy wrote:
> kurt wismer wrote:
>
>>> I don't recall that it was ever shown that any AV product
>>> prevented, for example, IE from crashing when exposed to
>>> test samples of the VML vulnerability.
>> i don't recall it either, but that doesn't mean it didn't happen..
>
> Why don't you try something then.
>
> Swap out your patched vgx.dll for an older one, then try this page:
>
> http://209.85.165.104/search?q=cache...lnk&cd=1&gl=ca
>
> It's the google cached version of this:
>
> http://zert.isotf.org/testvml.htm
>
> or this:
>
> http://www.isotf.org/zert/testvml.htm
>
> Which doesn't seem to exist any more, but was designed to trigger the
> VML vulnerability.
>
> Presumably NOD-32 should intercept the code before IE is crashed by
> it.

yeah, well, since i'm not a nod32 user the above experiment won't really
tell us anything...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"