Re: [Full-Disclosure] Re: Internet Explorer >=5.0 : Buffer overflow

• Previous message: bugzilla_at_redhat.com: "[Full-Disclosure] [RHSA-2003:064-01] Updated XFree86 4.1.0 packages are available"
• In reply to: SecurITeam BugTraq Monitoring: "[Full-Disclosure] Re: Internet Explorer >=5.0 : Buffer overflow"
• Next in thread: Rick: "RE: [Full-Disclosure] Re: Internet Explorer >=5.0 : Buffer overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: SecurITeam BugTraq Monitoring <bugtraq@securiteam.com>
Date: Wed, 25 Jun 2003 17:59:12 +0200 (CEST)

On Wed, 25 Jun 2003, SecurITeam BugTraq Monitoring wrote:

> Hi,
>
> I can confirm it under Windows 2000 with IE 5.50.4807.2300
>
> Full control over the EIP, but the shellcode cannot contain (as it currently
> appears) non Alpha Numeric characters, too bad I guess.

http://www.0x36.org/PAPERS/SHELLCODE/p57-0x0f.txt
There is no reason for this to work in the windows world.

-- 
Philippe Biondi <biondi@ cartel-securite.fr> Cartel Sécurité
Security Consultant/R&D                      http://www.cartel-securite.fr
Phone: +33 1 44 06 97 94                     Fax: +33 1 44 06 97 99
PGP KeyID:3D9A43E2  FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: bugzilla_at_redhat.com: "[Full-Disclosure] [RHSA-2003:064-01] Updated XFree86 4.1.0 packages are available"
• In reply to: SecurITeam BugTraq Monitoring: "[Full-Disclosure] Re: Internet Explorer >=5.0 : Buffer overflow"
• Next in thread: Rick: "RE: [Full-Disclosure] Re: Internet Explorer >=5.0 : Buffer overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]