Message-ID: <e2e992820910032032j3fdf2ecaiac628de251da740@mail.gmail.com>
Date: Sat, 3 Oct 2009 20:32:27 -0700
From: Freddie Vicious <fred.vicious@...il.com>
To: Berend-Jan Wever <berendjanwever@...il.com>,
	full-disclosure@...ts.grok.org.uk
Subject: Re: Exploiting memory corruption vulnerabilities
	on Internet Explorer 8

Yeah, that's pretty obvious that there's one way or another to bypass DEP and
ASLR but if you chose not to share it and don't have anything useful to say,
it'll be better not to say anything.

On Thu, Oct 1, 2009 at 12:55 PM, Berend-Jan Wever
<berendjanwever@...il.com> wrote:

> FYI: ASLR & DEP can be bypassed on x86, there's just nothing public at the
> moment.
>
> Cheers,
>
> SkyLined
>
> Berend-Jan Wever <berendjanwever@...il.com>
> http://skypher.com/SkyLined
>
>
>
>
>   On Thu, Oct 1, 2009 at 6:44 PM, Freddie Vicious <fred.vicious@...il.com> wrote:
>
>>   Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
>> DEP/ASLR there... But as you said, so far there's no known "catch-all"
>> technique against IE8.
>> Along with other security features (
>> http://blogs.msdn.com/architecture/archive/2009/08/13/internet-explorer-8-rated-tops-against-malware-and-phishing-attacks.aspx)
>> this basically means that IE8 is the most secure web browser nowadays?
>>
>>  On Thu, Oct 1, 2009 at 8:27 AM, Jared DeMott <jared.demott@...ris.com> wrote:
>>
>>> I'm not aware of any catch-all technique just for IE8, though there are
>>> a few common ones like return oriented programming.  Application
>>> specific techniques are also common when third party extensions are
>>> involved.
>>>
>>> --
>>> __________________________________________
>>> Jared D. DeMott
>>> Principal Security Researcher
>>>
>>>
>>
>>
>> --
>> Best wishes,
>> Freddie Vicious
>> http://twitter.com/viciousf
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>


-- 
Best wishes,
Freddie Vicious
http://twitter.com/viciousf
