[ObnoxiousJul]

@drewcrawford, you can't even read x86 ASM? O_o

The exploit described in stackoverflow, works only for IE and a version of windows where the memory addresses are not randomized (which most modern OS do have (http://en.wikipedia.org/wiki/Address_space_layout_randomizat...) , and where calc.exe is installed (so windows + IE probably).

Hint MOV + JMP are made @ fixed address.

If the code showed is not an hoax (which I highly doubt) it would imply : 1) a specific browser (to break the gate of OS control on memory/permission by using a buffer overflow) and I don't see at first glance a buffer overflow (but let's imagine it exists), 2) a specific old OS (windows 98 or XP maybe) (for having a predictable address to which to inject the shell code)(I can't imagine an ASM code doing base of registry scanning in less than 4k to get an address of a peculiar exec/lib); 3) since it is based on specific 64bits alignment problem and since there are 32bits legacy application) it would target only the 64bits version

This makes the threat looks more like ripples in a glass of water than the tsunami that was announced.

Basically this (if it is not the hoax I think it is) would be just an exploit of a specific browser in 64bits version on a specific OS. It is not a JS exploit, it is a very specific browser name on OS name exploit in 64bits. So to say ... the whole day life in the world of software.