[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <43bb0458.6a403aa8.278b.ffffbe43@mx.gmail.com>
Date: Tue Jan 3 23:10:23 2006
From: pvnick at gmail.com (Paul)
Subject: Buffer Overflow vulnerability in WindowsDisplay
Manager [Suspected]
I can repro this on Windows XP Pro with IE7. However, it does not appear to
be exploitable. Internet explorer terminates after attempting to execute the
following statement:
034ED914 8C82 60770100 MOV WORD PTR DS:[EDX+17760],ES
EDX=0
So it's a null pointer bug.
Regards,
Paul
Greyhats Security
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of InfoSecBOFH
Sent: Monday, January 02, 2006 1:54 PM
To: Stan Bubrouski
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Buffer Overflow vulnerability in
WindowsDisplay Manager [Suspected]
Crash dump would be nice too.
I have seen this once before but had issues replicating it with other
display drivers.
On 1/2/06, Stan Bubrouski <stan.bubrouski@...il.com> wrote:
> Well if you look at the fact there is no title on titlebar and the
> fact the active tab is Untitled, I'd hazard to guess its something he
> manually entered into the address bar, and so we don't even know if
> this is exploitable by clicking a link or whatnot.
>
> Not exactly sure why this was posted if no details are provided.
> Anything else for us Sumit?
>
> -sb
>
> On 1/2/06, Lise Moorveld <lise_moorveld@...oo.com> wrote:
> > Dear Sumit,
> >
> > Could you tell me how you exploited this buffer
> > overflow issue in Firefox so I can try and reproduce
> > it? I notice a lot of A's in your address bar but I'm
> > not sure whether that's it and if so, how many A's are
> > used.
> >
> > Regards,
> >
> > Lise
> >
> > --- Sumit Siddharth <sumit.siddharth@...il.com> wrote:
> >
> > > Hi,
> > > The Windows display manager crashes when a BOF is
> > > attempted on a mozilla
> > > firefox.
> > > This has different results on different windows
> > > machine.
> > > In Windows XP only the display manager crashes ,
> > > whereas on a Windows 2000
> > > server the BSOD(Blue screen of death )appears and
> > > the system hangs.
> > > I am using Firefox 1.0.6. I think that the bug is in
> > > the display driver and
> > > not with firefox. Kindly find a screen shot attached
> > > with this email.
> > >
> > > Thanks
> > > Sumit
> > >
> > >
> > > --
> > >
> > > Sumit Siddharth
> > > Information Security Analyst
> > > NII Consulting
> > > Web: www.nii.co.in
> > > ------------------------------------
> > > NII Security Advisories
> > > http://www.nii.co.in/resources/advisories.html
> > > ------------------------------------
> > > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> > >
> > http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia -
> > http://secunia.com/
> >
> >
> >
> >
> > __________________________________________
> > Yahoo! DSL ? Something to write home about.
> > Just $16.99/mo. or less.
> > dsl.yahoo.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.9/217 - Release Date: 12/30/2005
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.11/219 - Release Date: 1/2/2006
Powered by blists - more mailing lists