lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <447EB733.9050506@determina.com>
Date: Thu, 01 Jun 2006 02:45:23 -0700
From: Alexander Sotirov <asotirov@...ermina.com>
To: bugtraq@...urityfocus.com
Subject: Re: Internet explorer Vulnerbility


Confirmed on a fully patched Windows XP.

It's a stack overflow in inetconn.dll, but it's most likely not exploitable
because the DLL is compiled with /GS. There are no other interesting variables
to overwrite between the buffer and the return address. Overwriting the
arguments doesn't get us anywhere either.

It would be exploitable on older systems not compiled with /GS, but the code
where the vulnerability is was added in XP SP2.

Alex


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ