| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <088601c6837b$c393feb0$0300a8c0@AMDLAPTOP> Date: Tue May 30 01:10:06 2006 From: angray at beeb.net (Aaron Gray) Subject: Internet Explorer Ver6.0.2800.1106 vulnerability >No *obvious* way to inject code. Don't rule out something like this >working: > ><script> >var exploit96 = "some long-ass string that's just printable-96 chars" >var wwidth = (window.innerWidth)?yadda yadda... > >and exploit96 just happens to end up someplace interesting/useful, and >gets successfully interpreted as executable code..... > >A few years ago, somebody found an interesting overflow-the-environment >bug in a lot of telnetd's. Of course, the *tough* part was the fact >that you had to cram literally 45 megabytes or so of crap down telnetd's >throat first, to get the memory layout where you needed it for when >something overflowed a buffer...... Ah, I am enlightened. Pritty bloody tricky thing though. Aaron
Powered by blists - more mailing lists