"ZERT is a group of engineers with extensive experience in reverse engineering software, firmware and hardware coupled with liaisons from industry, community and incident response groups. While ZERT works with several Internet security operations and has liaisons to anti-virus and network operations communities, ZERT is not affiliated with a particular vendor".
The Zeroday Emergency Response team (ZERT), a group of reverse engineering experts and known security researchers with connections to industry and community groups, has released a patch for the IE VML 0day.
The Zeroday Emergency Response team (ZERT), a group of reverse engineering experts and known security researchers with connections to industry and community groups, has released a patch for the IE VML 0day.
ZERT warns that although they perform extensive testing, there is no replacement for a vendor-released patch, and the ZERT patch should be looked at as an alternatrive for those who choose to use it.
To quote their web page:
"ZERT is a group of engineers with extensive experience in reverse engineering software, firmware and hardware coupled with liaisons from industry, community and incident response groups. While ZERT works with several Internet security operations and has liaisons to anti-virus and network operations communities, ZERT is not affiliated with a particular vendor.
ZERT members work together as a team to release a non-vendor patch when a so-called "0day" (zero-day) exploit appears in the open which poses a serious risk to the public, to the infrastructure of the Internet or both. The purpose of ZERT is not to "crack" products, but rather to "uncrack" them by averting security vulnerabilities in them before they can be widely exploited.
It is always a good idea to wait for a vendor-supplied patch and apply it as soon as possible, but there will be times when an ad-hoc group such as ours can release a working patch before a vendor can release their solution".
