| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: menashe at finjan.com (Menashe Eliezer) Subject: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) The published exploit is working also with the <EMBED> tag, and not just with the <IFRAME> and the <FRAME> tags. Finjan's advisory can be found at: http://www.finjan.com/SecurityLab/AttackandExploitReports/alert_show.asp ?attack_release_id=114 == Regards, Menashe Eliezer Senior application security architect Malicious Code Research Center Finjan Software http://www.finjan.com/mcrc Prevention is the best cure! -----Original Message----- From: morning_wood [mailto:se_cur_ity@...mail.com] Sent: Tuesday, November 02, 2004 3:44 PM To: Berend-Jan Wever; full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com Subject: Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) bindshell success ( html run from local ) connect from remote success... this is NASTY if shellcode modified this will do reverse or exe drop i assume.... good work, Donnie Werner ----------------------------------------------- This message was scanned for malicious content and viruses by Finjan Internet Vital Security 1Box(tm)
Powered by blists - more mailing lists