Re: [Full-Disclosure] RE: Internet Explorer - Multiple Vulnerabilities

From: Berend-Jan Wever (
Date: 01/21/04

  • Next message: Gadi Evron: "[Full-Disclosure] [Fwd: [TH-research] Bagle remote uninstall]"
    To: <>
    Date: Wed, 21 Jan 2004 14:47:57 +0100

    I looked into the "buffer overflow": it's actually a stack overflow. This
    means Outlook Express just runs out of stack space and terminates. Nothing
    is overwritten, this is not exploitable to gain unauthorized access or
    elevate priviledges.


    > These are not IE vulnerabilities.
    > In all, you have described several ways to do some basic ressource
    > exhaustion by using Internet Explorer as well as an abnomaly in the Apache
    > server and a possible exploitable buffer overflow in Outlook Express. The
    > latter is definitely interesting, provided it is exploitable at all, but
    > first items are not security vulnerabilities - details below.

    Full-Disclosure - We believe in it.

  • Next message: Gadi Evron: "[Full-Disclosure] [Fwd: [TH-research] Bagle remote uninstall]"