lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2183B9E18390EF4580175FEF6AB4FF3E015B9F17@hs01ms05.healthsouth.insidehrc.com>
Date: Fri, 17 Sep 2004 20:37:23 -0500
From: "Clemens, Dan" <Dan.Clemens@...lthsouth.com>
To: <admin@...loitwatch.org>, <full-disclosure@...ts.netsys.com>,
   <bugtraq@...urityfocus.com>, <vulnwatch@...nwatch.org>
Subject: Re: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POCExploit



I may not have a clue but when I read the email from the author of this "POC" it stated that it was a poc to show where the overflow will occur and doesn't actually exploit the vulnerability. Furthermore the vulnerability is a heap based overflow which means that successful worm like exploitation isn't really the highest possibility as you suggest in your fear based email.
Simply,
Dan


-----Original Message-----
From: admin@...loitwatch.org <admin@...loitwatch.org>
To: full-disclosure@...ts.netsys.com <full-disclosure@...ts.netsys.com>; bugtraq@...urityfocus.com <bugtraq@...urityfocus.com>; vulnwatch@...nwatch.org <vulnwatch@...nwatch.org>
Sent: Fri Sep 17 03:50:01 2004
Subject: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POCExploit

A PoC for the Windows XP JPEG has been published. Because of the potential
impact, it is anticipated that this exploit will be widely used by worms and
other malware within a short period of time.

http://www.gulftech.org/?node=downloads

Regards,
admin@...loitwatch.org
http://exploitwatch.org



Confidentiality Notice: This e-mail communication and any attachments may contain
confidential and privileged information for the use of the designated recipients named above. If
you are not the intended recipient, you are hereby notified that you have received this
communication in error and that any review, disclosure, dissemination, distribution or
copying of it or its contents is prohibited. If you have received this communication in
error, please notify me immediately by replying to this message and deleting it from your
computer. Thank you.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ