Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
From: Juha-Matti Laurio (juha-matti.laurio_at_netti.fi)
Date: 09/17/05
- Previous message: Bipin Gautam: "Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Maybe in reply to: Juha-Matti Laurio: "Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 17 Sep 2005 18:45:19 +0300 (EEST) To: full-disclosure@lists.grok.org.uk, gautam.bipin@gmail.com
> On 9/14/05, Juha-Matti Laurio <juha-matti.laurio@netti.fi> wrote:
> > >Hi all,
> > >Research and development has let to a ~90% reliable working exploit
for the
> > >IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is
A short correction that this part of message is from SkyLined's posting:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037045.html
- Juha-Matti
> What? The exploit only works on winxp sp2 if DEP is turned off.....
> (or is it JUST there is another way in?) Your explanation is
> confusing!
>
> DEP That's turned ON by default... & most of us choose to turn it on
> for all service & softwares.
>
> --
>
> Bipin Gautam
> http://bipin.tk
>
> Zeroth law of security: The possibility of poking a system from lower
> privilege is zero unless & until there is possibility of direct,
> indirect or consequential communication between the two...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Bipin Gautam: "Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Maybe in reply to: Juha-Matti Laurio: "Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
