Message-ID: <000301c4f88a$902dc330$0100a8c0@grotedoos>
From: skylined at edup.tudelft.nl (Berend-Jan Wever)
Subject: (no subject)

Hi all,

Here's an exploit for the ANI stack overflow, written for win2ksp4en, IE SP1. Dunno if it will work for other platforms, might need some more tweaking of the ani file. Let me know if it doesn't work, but only if you can hand me some proper debugging details.

Patch: http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
Host-based products such as Qwik-Fix Pro from PivX already protect against this vulnerability by completely disabling the .ANI file format. I found this out after trying to trigger the vuln unsuccessfully for 10 minutes. It took me another 10 after turning off Qwik-Fix to write the exploit.

Since my ISP detects it as "Exploit.HTML.IFrameBOF-4", I put the thing in a password-protected zip file. The password is "margrieta".

Cheers,

Berend-Jan Wever
SMTP: <skylined@...p.tudelft.nl>
HTTP: http://www.edup.tudelft.nl/~bjwever
MSN: Skylined@...p.tudelft.nl
IRC: SkyLined in #SkyLined on EFNET
PGP: key ID 0x48479882
-------------- next part --------------
A non-text attachment was scrubbed...
Name: anieeye.zip
Type: application/octet-stream
Size: 3814 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050112/dfe65a46/anieeye.obj
