Date: Tue Jan 3 23:10:23 2006
From: pvnick at gmail.com (Paul)
Subject: Buffer Overflow vulnerability in WindowsDisplay Manager [Suspected]

I can repro this on Windows XP Pro with IE7. However, it does not appear to
be exploitable. Internet Explorer terminates after attempting to execute the
following statement:

    034ED914   8C82 60770100   MOV WORD PTR DS:[EDX+17760],ES

    EDX=0

So it's a null pointer bug.

Regards,
Paul
Greyhats Security

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of InfoSecBOFH
Sent: Monday, January 02, 2006 1:54 PM
To: Stan Bubrouski
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Buffer Overflow vulnerability in
WindowsDisplay Manager [Suspected]

Crash dump would be nice too. I have seen this once before but had issues
replicating it with other display drivers.

On 1/2/06, Stan Bubrouski <stan.bubrouski@...il.com> wrote:
> Well if you look at the fact there is no title on titlebar and the
> fact the active tab is Untitled, I'd hazard to guess it's something he
> manually entered into the address bar, and so we don't even know if
> this is exploitable by clicking a link or whatnot.
>
> Not exactly sure why this was posted if no details are provided.
> Anything else for us Sumit?
>
> -sb
>
> On 1/2/06, Lise Moorveld <lise_moorveld@...oo.com> wrote:
> > Dear Sumit,
> >
> > Could you tell me how you exploited this buffer
> > overflow issue in Firefox so I can try and reproduce
> > it? I notice a lot of A's in your address bar but I'm
> > not sure whether that's it and if so, how many A's are
> > used.
> >
> > Regards,
> >
> > Lise
> >
> > --- Sumit Siddharth <sumit.siddharth@...il.com> wrote:
> >
> > > Hi,
> > > The Windows display manager crashes when a BOF is
> > > attempted on a mozilla firefox.
> > > This has different results on different windows
> > > machine.
> > > In Windows XP only the display manager crashes,
> > > whereas on a Windows 2000 server the BSOD (Blue
> > > screen of death) appears and the system hangs.
> > > I am using Firefox 1.0.6. I think that the bug is in
> > > the display driver and not with firefox. Kindly find
> > > a screen shot attached with this email.
> > >
> > > Thanks
> > > Sumit
> > >
> > > --
> > > Sumit Siddharth
> > > Information Security Analyst
> > > NII Consulting
> > > Web: www.nii.co.in
> > > ------------------------------------
> > > NII Security Advisories
> > > http://www.nii.co.in/resources/advisories.html
> > > ------------------------------------
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/