lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <43FB1967D03EC7449A77FA91322E36480332681E@SVL1XCHCLUPIN01.enterprise.veritas.com>
Date: Wed, 8 Nov 2006 10:16:18 -0800
From: "Peter Ferrie" <pferrie@...antec.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: code-crunchers@...testar.linuxbox.org
Subject: Re: [Code-Crunchers] windows vulnerability? [was:
	Re: 137 bytes]

> Using the PE as a vector to attack the PE loader with
> (potential!) code execution for privilage esclation.
> Using the PE itself as a vector of attack.

I made a malformed PE file that caused a BSOD in all Windows
versions, including XP SP1.  99 bytes. :-)
I don't know if it was exploitable, and Microsoft said "it's
not a vulnerability", but then they silently fixed it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ