lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <201212211357.qBLDvtxA029412@sf01web1.securityfocus.com>
Date: Fri, 21 Dec 2012 13:57:55 GMT
From: koppensb@....at
To: bugtraq@...urityfocus.com
Subject: Re: Re: Re: Microsoft Internet Explorer 9.x <= Remote Stack
 Overflow Vulnerability

Hi!

I think he is talking about this blog post of the Microsoft Security and Defense team.
http://blogs.technet.com/b/srd/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx

Since your PoC code throws this:

Problem signature:
  Problem Event Name:	APPCRASH
  Application Name:	iexplore.exe
  Application Version:	9.0.8112.16457
  Application Timestamp:	50a2f9e3
  Fault Module Name:	MSHTML.dll
  Fault Module Version:	9.0.8112.16457
  Fault Module Timestamp:	50a30507
  Exception Code:	c00000fd
  Exception Offset:	002bbe12
  OS Version:	6.1.7601.2.1.0.768.3
  Locale ID:	1033
  Additional Information 1:	39a4
  Additional Information 2:	39a4d7f18c1c7c725934453009d2f1b9
  Additional Information 3:	9b65
  Additional Information 4:	9b65a6e96bd128527d12d25fc3aa2ec1

ie runs in an exhaustion not in an overflow.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ