Date: Thu, 03 Sep 2009 10:26:15 -0500
From: Rohit Patnaik <quanticle@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: PPStream PPSMediaList Activex 0day exploit

There isn't exactly a whole lot of detail here. All you've got posted on 
your blog are two screenshots of the PPStream call stack after a crash.  
There's no detail about what input causes the crash, nor any other 
details about how to make it exploitable.  At present, it's not even 
clear (beyond your word, of course) that the vulnerability even *is* 
exploitable.  With more detail, it'd be easier to analyze this 
vulnerability and propose a fix to the developers of this application.

Thanks,
Rohit Patnaik

expose 0day wrote:
> ******************************************************************************
> PPStream is the most huge p2p media player in the world.
> There are two hundred million ppstream users in the world.
> The vulnerability is exploitable, but I have no time to make it, you 
> could visit my blog for detail.^@^
> welcome to http://0dayexpose.blogspot.com/
>
>
> COM Object - {D22DE742-04CD-4B5C-A8A3-82AB3DAEC43D} PPSMediaList Control
> COM Object Filename : C:\PROGRA~1\PPStream\MList.ocx
> RegKey Safe for Script: True
> RegkeySafe for Init: True
> KillBitSet: False
> Company Name        : PPStream Inc.
> Version                : V2.6.86.8900
> Web Site            : http://www.ppstream.com
> *******************************************************************************
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
