| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20080226053009.D8DE215803D@mailserver6.hushmail.com>
Date: Tue, 26 Feb 2008 00:30:09 -0500
From: "Elazar Broad" <elazar@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc:
Subject: Move Networks Quantum Streaming Player
UploadLogs() Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Who:
Move Networks
http://www.movenetworks.com/
What:
Move Networks is a streaming media provider who's clients include
Fox, ABC, ESPN etc. They employ an ActiveX control to display
content in the clients browser.
How:
qsp2ie07074039.dll version 7.7.4.39(digitally signed Tuesday,
September 18, 2007 7:10:35PM)
{E473A65C-8087-49A3-AFFD-C5BC4A10669B}
The url parameter of the UploadLogs() method is vulnerable to a
buffer overflow.
Workaround:
Set the killbit for this control, see
http://support.microsoft.com/kb/240797
Fix:
No official fix known
Exploit:
Will be posted on milw0rm.com
Elazar
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5
wpwEAQECAAYFAkfDo+EACgkQi04xwClgpZiSQwP+OVVbAEDFc728APhQBQgcgeOXP/6K
WcLjPLdz2lXRO3P15Umrqgr6tChJ0HbsW40U67+zyw0VG0k87IL6ZOyqjRtNPWwb4j7W
3EjC04vI9pxQBtjoG9ZR80PX6ociLCq7ApS1uOsSDy61N/092E4mIKbCwD6coTuUzP5U
Q56IVKo=
=v29c
-----END PGP SIGNATURE-----
--
Click to shop and save on brand name copiers today.
http://tagline.hushmail.com/fc/Ioyw6h4efL3TOAtEgKVyrVjF0g3IeZGowAyIsMPtoIkky6N3oFUUnm/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists