lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue Jan 3 10:12:43 2006 From: ad at heapoverflow.com (ad@...poverflow.com) Subject: Buffer Overflow vulnerability in Windows Display Manager [Suspected] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 haven't such driver here , it should be a third party driver security bug probably within "*Controller Hub for Intel Graphics Driver"* http://www.dynamiclink.nl/htmfiles/rframes/sys-i01.htm Sumit Siddharth wrote: > I think the problem is with the intel driver and particularly with file > ialmnt5.sys > Hope it helps > Sumit > > > > On 1/3/06, *Sumit Siddharth* <sumit.siddharth@...il.com > <mailto:sumit.siddharth@...il.com>> wrote: > > Dear All, > Sorry for the delayed response. > I had success in exploiting it remotely by a simple javascript > <script>window.open("http://aa...");</script>. But i think it > doesnt work with some drivers.I am using XP ,professional, SP2. > and firefox 1.0.6. I am using a string of about 53,000 char to > overflow the buffer. > Thanks > Sumit > > > > > -- > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBQ7pN+K+LRXunxpxfAQKBqA//YxoeFIr1rkaCixpPr34+KpDiUAKN7xss M6ZH3ZmpqZ03yLajS8XBWIyv5uTXDuLhUQrrObvak4n6mQ+7g6YffEYQBNyIcsEm Gxyd8uDmkwX9MeAslByvrqobj/6i4oC4sj5Lq9Ui/JCqsw5KNaBP8ZAym48HiMFM bI3kqvSGVm++bavWrK8+FunnVHCSDezFL64Jxh6MAVU2MNR+Z2qufC+aQtIpGw7s nyWisynx6csTp9US5qmeuVdrcwk9DeACzX+z5eAEaevLRcl7ElcpcMht21U5scMd FTLTtN9Ao4hewQrOe05BAo3AwNmzpt3Kgay3DLtN/n7a9LqPifw9FKp5EtdYLKyM R16AwG5PaYQXrnsY0Udwz4yAYucEYjEOSyslVf4VILyzFWdKfAgXApbbr4W2nKXx VQ0BBWbOYnAuAPJYk85WpAZfbFX98tglGTGT/0XRO3Buyk5T50AC4VqxlF17w7+8 T6bO74xpZNi5t5fzFTqt5kZZZ6IXfSonu/SVA/tfiOJwIExo7zEUwu4vsYoMtxaR HqFlMQyuJhp0aTjaggrFaYQ8XR7tnZherteAYdaw0k3mUPCWfXR3xz26daOpUDKu ewsDbuq+cglVD5qym246WVYSyiPLKKBXvWPLbuoG5ngqmyQiKydIQ9UMMdJvHh5c 7DtDjiHOH8s= =VEy3 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists