| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Oct 2007 01:19:31 -0700 From: "Kristian Erik Hermansen" <kristian.hermansen@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Microsoft Windows default ZIP handler bug I tested this on three Windows XP machines and was able to make them all crash. There is an issue with the way Microsoft's default compressed file handler deals with embedded compressed files. I don't have much time to investigate further, since I am in Atlanta all this week for SPICON and don't have any tools on my corp laptop :-( However, I put together a Flash video showing the bug. It may not be exploitable, but I also haven't been keeping up with the latest bad pointer / alternate code path research stuff. Maybe someone can do some ninjitsu code exec using this... Video: http://kristian-hermansen.com/hacks/microsoft-windows-default-compressed-file-handler-crasher-2.swf File: http://kristian-hermansen.com/hacks/IIIIIIIIJJJJJJJJKKKKKKKKLLLLLLLL.zip -- Kristian Erik Hermansen _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists