Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
From: Bipin Gautam (gautam.bipin_at_gmail.com)
Date: 09/17/05
- Previous message: Thierry Carrez: "[Full-disclosure] ERRATA: [ GLSA 200507-20 ] Shorewall: Security policy bypass"
- In reply to: Juha-Matti Laurio: "Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Next in thread: Juha-Matti Laurio: "Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 17 Sep 2005 19:44:09 +0545 To: full-disclosure@lists.grok.org.uk
On 9/14/05, Juha-Matti Laurio <juha-matti.laurio@netti.fi> wrote:
> >Hi all,
> >Research and development has let to a ~90% reliable working exploit for the
> >IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is
What? The exploit only works on winxp sp2 if DEP is turned off.....
(or is it JUST there is another way in?) Your explanation is
confusing!
DEP That's turned ON by default... & most of us choose to turn it on
for all service & softwares.
-- Bipin Gautam http://bipin.tk Zeroth law of security: The possibility of poking a system from lower privilege is zero unless & until there is possibility of direct, indirect or consequential communication between the two... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Thierry Carrez: "[Full-disclosure] ERRATA: [ GLSA 200507-20 ] Shorewall: Security policy bypass"
- In reply to: Juha-Matti Laurio: "Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Next in thread: Juha-Matti Laurio: "Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
