| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43B99B55.2070007@heapoverflow.com> Date: Mon Jan 2 21:30:33 2006 From: ad at heapoverflow.com (ad@...poverflow.com) Subject: Buffer Overflow vulnerability in Windows Display Manager [Suspected] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 he said me offline around 52000 chars , and you do not need to press ok to trigger it, its supposed to occur when do you copy paste the chars within the area, however here nothing happen on xp sp2 en + firefox 1.5 , I can just see my AAA buffer replaced by a blank buffer once I paste it in the box.. Stan Bubrouski wrote: > Well if you look at the fact there is no title on titlebar and the > fact the active tab is Untitled, I'd hazard to guess its something he > manually entered into the address bar, and so we don't even know if > this is exploitable by clicking a link or whatnot. > > Not exactly sure why this was posted if no details are provided. > Anything else for us Sumit? > > -sb > > On 1/2/06, Lise Moorveld <lise_moorveld@...oo.com> wrote: >> Dear Sumit, >> >> Could you tell me how you exploited this buffer >> overflow issue in Firefox so I can try and reproduce >> it? I notice a lot of A's in your address bar but I'm >> not sure whether that's it and if so, how many A's are >> used. >> >> Regards, >> >> Lise >> >> --- Sumit Siddharth <sumit.siddharth@...il.com> wrote: >> >>> Hi, >>> The Windows display manager crashes when a BOF is >>> attempted on a mozilla >>> firefox. >>> This has different results on different windows >>> machine. >>> In Windows XP only the display manager crashes , >>> whereas on a Windows 2000 >>> server the BSOD(Blue screen of death )appears and >>> the system hangs. >>> I am using Firefox 1.0.6. I think that the bug is in >>> the display driver and >>> not with firefox. Kindly find a screen shot attached >>> with this email. >>> >>> Thanks >>> Sumit >>> >>> >>> -- >>> >>> Sumit Siddharth >>> Information Security Analyst >>> NII Consulting >>> Web: www.nii.co.in >>> ------------------------------------ >>> NII Security Advisories >>> http://www.nii.co.in/resources/advisories.html >>> ------------------------------------ >>>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: >>> >> http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - >> http://secunia.com/ >> >> >> >> >> __________________________________________ >> Yahoo! DSL ? Something to write home about. >> Just $16.99/mo. or less. >> dsl.yahoo.com >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> ---------------------------------------------------------------------- >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBQ7mbVK+LRXunxpxfAQLGTxAArIU8bpjYUITigxk5qhadp68ug9qrF3Db hd/lmUF1G2R6jbG97OC9C0HkNJZdgg61xMPPlsNwBIfk7qxcMeXSE23I5y/T2nDX E4gNdiGqmhXa+maLeSYII3YqxVIeAENh6LL/oE9wiiajkrCj9QI2lcfYe6GJZkv5 yW2INyTOWt/Qca465HoV1PwTt6taO5R/AyjTKoO8PjaukUPHrMYt2tJY+p0KvrRc fpvbIXMNQ80/1gTE7KCJeMDtzeiNH8JwxebNpOyU6lcnyLtNH7FSup21DyBJWTg0 bvwpvGQetPbFhJttqtWv6tJU7vF3NE4Q6sASV2EokcjYbAkts+fkxi+zrrVhgLWA kLFpq8OVV+XxmIcR686xGnJhxnlHtrfAT8A8OFwkzvRQnsv4N6UMXXrHJFWh+uJ5 cyWMzaGdUvVkobcFwUvWyG26TsT4Nap56bi/VOVKxkyRrdVPRCTzqHL80GqBJ/I2 SQeE6Q7/b4HL8rreAvUBhP3N0zctxjUTAnfiTS7+XTYsuj8Q5UVKk9rNFRl/9pif zG5kQCEGzQmWSnMi5OfAheuVJMorb4tVta0/l5kgIas/DCv74VwQ5p7EnfBErX5p aQLia8VosnSSjPf9Yx7hzOvqQR+e8W1uIHiKXhbxGTnl/HiJvLvnqskxGwajnSPJ 10D7YhdlAHE= =/Zt9 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists