Open Source and information security mailing list archives
 
Date: Tue Jun  7 17:06:32 2005
From: auto447062 at hushmail.com (auto447062@...hmail.com)
Subject: RE: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS

>...The vulnerability exists within the GIF parser in "ateimg32.dll"...

Tests:
1. W2k - all updates, logged in w/admin rights.
- Opening in Adobe Photoshop 5.5 (most standard plain vanilla 
graphic parsers, I believe) - Photoshop hung without any error 
messages.
- Firefox 1.0.4 - "broken image" icon
- IE 6.0.2800.1106 - blank page, no errors, but slow.
2. XP SP2 with all updates, logged in as local user with veeeeery 
limited rights
- IrfanView 3.97 - "Invalid or unsupported GIF file" error
- IE 6.0.2900.2180 SP2 does not return any error, shows a blank page 
- _not_ a broken image icon.
- Windows Image and Fax Viewer - no error, blank page with "No 
preview available", did not hang.
3. Now, a strange, perverted fun - logged into the same XP with 
admin rights - IE silently dies, nothing in Events Log.
4. Going now to local Macs, will post if there's anything of 
interest...

I've got a feeling that it's not just an AIM problem. Aim higher 
%^)


