[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000301c4f88a$902dc330$0100a8c0@grotedoos>
Date: Wed, 12 Jan 2005 10:39:03 +0100
From: "Berend-Jan Wever" <skylined@...p.tudelft.nl>
To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Subject: (no subject)
Hi all,
Here's an exploit for the ANI stack overflow, written for win2ksp4en, IE SP1. Dunno if it will work for other platforms, might need some more tweaking of the ani file. Let me know if it doesn't work, but only if you can hand me some proper debugging details.
Patch: http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
Host based products such as Qwik-Fix Pro from PivX already protect against this vulnerability by completely disabling the .ANI file format, I found this out after trying to trigger the vuln unsuccessfully for 10 minutes. It took me another 10 after turning off Qwik-Fix to write the exploit.
Since my ISP detects it as "Exploit.HTML.IFrameBOF-4" I put the thing in a password protected zip file. The password is "margrieta".
Cheers,
Berend-Jan Wever
SMTP: <skylined@...p.tudelft.nl>
HTTP: http://www.edup.tudelft.nl/~bjwever
MSN: Skylined@...p.tudelft.nl
IRC: SkyLined in #SkyLined on EFNET
PGP: key ID 0x48479882
Download attachment "anieeye.zip" of type "application/octet-stream" (3814 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists