[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200407121914.02506.d.huecking@gmx.net>
From: d.huecking at gmx.net (David Huecking)
Subject: Firefox 0.92 DoS via TinyBMP
Hmm, very funny modified BMPs?!
david@...ia:~/tiny> wget -r http://www.4rman.com/exploits/tinybmp.htm
[...]
david@...ia:~/tiny/www.4rman.com/exploits> ll
insgesamt 44
-rw-r--r-- 1 david users 58 2004-04-07 23:05 little.bmp
-rw-r--r-- 1 david users 58 2004-04-07 23:05 little10.bmp
-rw-r--r-- 1 david users 58 2004-04-07 23:04 little2.bmp
-rw-r--r-- 1 david users 58 2004-04-07 23:04 little3.bmp
-rw-r--r-- 1 david users 58 2004-04-07 23:04 little4.bmp
-rw-r--r-- 1 david users 58 2004-04-07 23:04 little5.bmp
-rw-r--r-- 1 david users 58 2004-04-07 23:05 little6.bmp
-rw-r--r-- 1 david users 58 2004-04-07 23:05 little7.bmp
-rw-r--r-- 1 david users 58 2004-04-07 23:05 little8.bmp
-rw-r--r-- 1 david users 58 2004-04-07 23:05 little9.bmp
-rw-r--r-- 1 david users 822 2004-04-07 23:05 tinybmp.htm
david@...ia:~/tiny/www.4rman.com/exploits> file *
little.bmp: PC bitmap data, Windows 3.x format, 1114111 x 202 x 24
little10.bmp: PC bitmap data, Windows 3.x format, 1114111 x 6 x 24
little2.bmp: PC bitmap data, Windows 3.x format, 1114111 x 121 x 24
little3.bmp: PC bitmap data, Windows 3.x format, 1114111 x 89 x 24
little4.bmp: PC bitmap data, Windows 3.x format, 1114111 x 52 x 24
little5.bmp: PC bitmap data, Windows 3.x format, 1114111 x 40 x 24
little6.bmp: PC bitmap data, Windows 3.x format, 1114111 x 24 x 24
little7.bmp: PC bitmap data, Windows 3.x format, 1114111 x 24 x 24
little8.bmp: PC bitmap data, Windows 3.x format, 1114111 x 6 x 24
little9.bmp: PC bitmap data, Windows 3.x format, 1114111 x 6 x 24
tinybmp.htm: HTML document text
Pretty wide/ large Bitmaps in 24Bit color-depth.
OK, and now some mathematics: (only the full MBs)
1114111 * 202 * 3 Byte = 644 MB
1114111 * 6 * 3 Byte = 19 MB
1114111 * 121 * 3 Byte = 385 MB
1114111 * 89 * 3 Byte = 283 MB
1114111 * 52 * 3 Byte = 165 MB
1114111 * 40 * 3 Byte = 127 MB
1114111 * 24 * 3 Byte = 76 MB
1114111 * 24 * 3 Byte = 76 MB
1114111 * 6 * 3 Byte = 19 MB
1114111 * 6 * 3 Byte = 19 MB
All in all: 1812 MB. Should be enough to fill the one or other main memory...
Just for fun opened little10.bmp with gimp and saved it as tif:
david@...ia:~/tiny/www.4rman.com/exploits> ll -h little10.*
-rw-r--r-- 1 david users 58 2004-04-07 23:05 little10.bmp
-rw-r--r-- 1 david users 20M 2004-07-12 19:12 little10.tif
So we see the true nature of this picture.
On Montag, 12. Juli 2004 13:23, thE_iNviNciblE wrote:
> Hi,
>
> there is a security vulnerability in Firebox 0.92 (latest Version)
>
> http://www.4rman.com/exploits/tinybmp.htm
>
> this link causes that your virutal memory will be rise up 1,2 GB used
> Memory...
>
> maybe Thunderbird 0.72 is also vulnerable via HTML.
>
> credits to: StupidWhiteMan
--
Eat, sleep and go running,
David Huecking.
Encrypted eMail welcome!
GnuPG/ PGP-Key: 0x57809216. Fingerprint:
3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
Powered by blists - more mailing lists