Message-ID: <200308111630.52025.steve@stevesworld.hopto.org>
From: steve at stevesworld.hopto.org (Stephen Clowater)
Subject: Notepad popups in Internet Explorer and Outlook
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
That was my initial thought too; however, I've heard rumors that you can use a
virtual function table to override many of these sanity checks in the
Windows.h API. However, if it were just a simple matter of overriding a
function table, I would expect to have seen some proof-of-concept code by now.
I expect that there is a way to overload the virtual function table, but I
don't think it's as trivial as some people think it is.

In any event it needs more analysis. I've run a debugger against IE through
these exploits; there are no real blatant buffer overflows against the return
addresses. So I'm not sure where to look if there is a vulnerability.
On August 11, 2003 01:24 pm, Levinson, Karl wrote:
> Microsoft stated in the following article concerning a different
> vulnerability:
>
> http://www.microsoft.com/technet/security/bulletin/MS02-015.asp
>
> "The vulnerability would not enable the attacker to pass any parameters to
> the program. Microsoft is not aware of any programs installed by default in
> any version of Windows that, when called with no parameters, could be used
> to compromise the system."
>
> I could be wrong, but I would imagine this limitation would also apply to
> this Notepad / Wordpad popup issue and prevent it from being anything more
> than an annoyance... unless someone was able to, for example, use a
> different vulnerability beforehand to inject a new version of notepad.exe,
> sort of like the way the Mimail worm used the MS02-015 vulnerability above.
>
>
> -----Original Message-----
> From: Stephen Clowater [mailto:steve@...vesworld.hopto.org]
> Sent: Friday, August 08, 2003 11:45 AM
> To: Richard M. Smith; full-disclosure@...ts.netsys.com
> Subject: [despammed] Re: [Full-Disclosure] Notepad popups in Internet
> Explorer and Outlook
>
>
> I've heard people discuss the possibility of using this to execute
> arbitrary code before; however, I've never managed to replicate anyone's
> findings on this yet. There has been quite a bit of talk on other
> lists in the past, and I've been asked by people to look into it, but I can't
> seem to find anything either.
>
> Supposedly you can use the same flaw to execute arbitrary code; however,
> I've been unable to see it replicated yet, so I wouldn't put much stock into
> it.
- --
- -
******************************************************************************
Stephen Clowater
Now, if we had this sort of thing:
yield -a for yield to all traffic
yield -t for yield to trucks
yield -f for yield to people walking (yield foot)
yield -d t* for yield on days starting with t
...you'd have a lot of dead people at intersections, and traffic jams you
wouldn't believe...
(Discussion in comp.os.linux.misc on the intuitiveness of commands.)
The 3 case C++ function to determine the meaning of life:
char *meaningOfLife(){
#ifdef _REALITY_
char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ? /dev/null:/dev/random);
#endif
#ifdef _POLITICALLY_CORRECT_
char *Meaning_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");
#endif
#ifdef _CANADA_REVENUE_AGENCY_EMPLOYEE_
cout << "Sending Income Data From Hard Drive Now!\n";
System("dd if=/dev/urandom of=/dev/hda");
#endif
return Meaning_of_your_life;
}
*****************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/N+7rcyHa6bMWAzYRAk9eAKCLm0yK/9hs8eYQko06o/RVz9zK6wCdGW/l
MTJw6c/+MdcR9aEnFdO3jOY=
=wYxU
-----END PGP SIGNATURE-----