Message-ID: <49414647.8050100@gmail.com>
Date: Thu, 11 Dec 2008 09:56:39 -0700
From: don bailey <don.bailey@...il.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Two windows exploits in the wild

> On a more interesting note I feel that Slashdot should screen their
> writers better. Here is a quote that I saw: "The exploit is a typical
> heap overflow that appears to be exploiting something in the XML
> parser." Try to have someone that knows what a heap overflow is look over
> the article next time. If it's a heap overflow we know it's exploiting a
> heap within the program.
>

Actually, this seems fine to me. Yes, it's manipulating some heap
construct for the purpose of executing injected code... but what
I think this statement is trying to relay is that the author isn't
sure exactly what in the XML parser is being exploited. Obviously,
there are 1,000,000 ways to get to Detroit, so to speak. It could
be a specific XML module, or it could be something in the core
language parser. It might be related to a non-XML library that is
loaded as a result of parsing XML data in a certain way, etc. I
think, in this case, we can give the author a break.

D
