| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <653D74053BA6F54A81ED83DCF969DF0801F4EF71@pivxes1.pivx.com> Date: Tue Jan 10 09:34:30 2006 From: mbringle at pivx.com (Michael Bringle) Subject: PoC for the 2 new WMF vulnerabilities (DoS) Yes, I just tested and our PreEmpt product also protects against those since December 7th. It is quite scary that the MS patches don't because of how simple this would have been to stop. Don't they check the command to be run against the set of valid commands? Well I guess that answer to that is no. Maybe third time is a charm! BTW thanks for the PoC links. Michael Bringle Director of Engineering PivX Solutions, Inc. http://www.pivx.com/HomeOffice/ -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Andrey Bayora Sent: Monday, January 09, 2006 2:35 PM To: full-disclosure@...ts.grok.org.uk Subject: [Full-disclosure] PoC for the 2 new WMF vulnerabilities (DoS) Hello list, In case, someone interested: Here is the PoC for the 2 new WMF vulnerabilities discovered by cocoruder (http://ruder.cdut.net) and does not covered by MS06-001. You can download WMF images at: http://www.securityelf.org/files/WMF-DoS.rar Regards, Andrey. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists