Re: [Full-Disclosure] RE: Internet Explorer - Multiple Vulnerabilities

From: Berend-Jan Wever (SkyLined_at_edup.tudelft.nl)
Date: 01/21/04

  • Next message: Gadi Evron: "[Full-Disclosure] [Fwd: [TH-research] Bagle remote uninstall]"
    To: <bugtraq@securityfocus.com>
    Date: Wed, 21 Jan 2004 14:47:57 +0100
    
    

    I looked into the "buffer overflow": it's actually a stack overflow. This
    means Outlook Express just runs out of stack space and terminates. Nothing
    is overwritten; this is not exploitable to gain unauthorized access or
    elevate privileges.

    Cheers,
    SkyLined

    > These are not IE vulnerabilities.
    >
    > In all, you have described several ways to do some basic resource
    > exhaustion by using Internet Explorer as well as an anomaly in the Apache
    > server and a possible exploitable buffer overflow in Outlook Express. The
    > latter is definitely interesting, provided it is exploitable at all, but the
    > first items are not security vulnerabilities - details below.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

