lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 12 Jan 2005 10:39:03 +0100
From: "Berend-Jan Wever" <skylined@...p.tudelft.nl>
To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Subject: (no subject)

Hi all,

Here's an exploit for the ANI stack overflow, written for win2ksp4en, IE SP1. Dunno if it will work for other platforms, might need some more tweaking of the ani file. Let me know if it doesn't work, but only if you can hand me some proper debugging details.

Patch: http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
Host based products such as Qwik-Fix Pro from PivX already protect against this vulnerability by completely disabling the .ANI file format, I found this out after trying to trigger the vuln unsuccessfully for 10 minutes. It took me another 10 after turning off Qwik-Fix to write the exploit.

Since my ISP detects it as "Exploit.HTML.IFrameBOF-4" I put the thing in a password protected zip file. The password is "margrieta".

Cheers,

Berend-Jan Wever
SMTP: <skylined@...p.tudelft.nl>
HTTP: http://www.edup.tudelft.nl/~bjwever
MSN: Skylined@...p.tudelft.nl
IRC: SkyLined in #SkyLined on EFNET
PGP: key ID 0x48479882

Download attachment "anieeye.zip" of type "application/octet-stream" (3814 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ