| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <402FCA0E.902@onryou.com> From: lists2 at onryou.com (Cael Abal) Subject: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 |> .. Rrrrriiiiggghhhttt. Way to go, using a signed integer for an |> offset. Now all we have to do is create a BMP with bfOffBits > 2^31, | | I would caution everyone against assuming that this code has not | been altered since it left the confines of Redmond. If I were | to steal Microsoft code and release it to the Internet, I'd be | tempted to make a few strategic modifications first, just to | stir things up. Especially if I were, shall we say, not exactly | a Microsoft fan... Interesting point, but keep in mind the original author also included a POC which (reportedly, unconfirmed) affected IE5. That'd suggest it is indeed Redmond code. C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQFAL8oOR2vQ2HfQHfsRAlq2AJ4pP2TxCp2Ac0uIMxou3uuZVZbMjwCfWQWA PsPhhr546k91p0ssj/ps0cg= =k6nN -----END PGP SIGNATURE-----
Powered by blists - more mailing lists