lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 3 Nov 2006 12:08:55 +0300
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: Jerome Athias <jerome.athias@...e.fr>
Cc: xxxx@...il.com, bugtraq@...urityfocus.com
Subject: Re[2]: New Flaw in Firefox 2.0: DoS and possible remote code execution

Dear Jerome Athias,

I  said  NULL pointer is not exploitable _by itself_. Ability to control
unhandled  exception  filter is different vulnerability. NULL pointer in
this case is not exploitation vector, it's only used to initiate attack.

--Thursday, November 2, 2006, 10:01:19 PM, you wrote to 3APA3A@...URITY.NNOV.RU:

JA> 3APA3A a écrit :
>> Dear xxxx@...il.com,
>>
>> NULL pointer dereference is not exploitable to code execution by itself.
>>
>>   
JA> Hi,

JA> you should be interested by this
JA> http://metasploit.blogspot.com/2006/08/putting-fun-in-browser-fun.html

JA> + a little tool
JA> https://www.securinfos.info/outils-securite-hacking/uSEH.rar

JA> /JA



-- 
~/ZARAZA
Íåïðèÿòíîñòè íà÷íóòñÿ â âîñåìü.  (Òâåí)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ