Re: [Full-disclosure] Steve Gibson smokes crack?
- From: blad3 <fd@xxxxxxxx>
- Date: Sat, 14 Jan 2006 14:56:02 +0200
Saturday, January 14, 2006, 1:26:36 PM, you wrote:
> On Fri, Jan 13, 2006 at 05:55:17PM -0500, eric williams wrote:
>> however, the question is I gather flowing from the Gibson commentary,
>> how or what exactly causes WINE to execute the code pointed at by the
>> SetAbortProc record? Is it the "incorrect record length" is it some
>> other munged input, is it "by design" which has also been alluded to,
>> and seems to be your reference here.
> So what I found was that, when I deliberately lied about the size of this
> record and set the size to one and no other value, and I gave this particular
> byte sequence that makes no sense for a metafile, then Windows created a
> thread and jumped into my code, began executing my code.
> It turns out that the only way to get Windows to misbehave in this bizarre
> fashion is to set the length to one, which is an impossible value. I tried
> setting it to zero. It didn't trigger the exploit. I tried setting it to two,
> no effect. Three, no effect. Nothing, not even the correct length. Only one.
The claim about the length is not true.
Btw, somebody else in this thread already proved that.
> using invalid values to exploit a "design flaw" is "strange" at least.
> can someone comment if the claim about the length is true?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
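The point argued above is that a file should not be judged by the Size field alone, since the record type and its escape sub-function are what matter. As an added example that is not part of this thread or any poster's code, here is a defensive WMF record walker: it reports any META_ESCAPE record carrying the SETABORTPROC sub-function regardless of the Size value, and separately reports Size values that are structurally impossible (smaller than the Size and RecordFunction fields themselves). Record layout and constants follow the MS-WMF specification; the builder helpers and the sample files they produce are constructed here for illustration.

```python
import struct

# Layout constants from the MS-WMF specification.
PLACEABLE_MAGIC = 0x9AC6CDD7     # optional 22-byte placeable header
PLACEABLE_HEADER_LEN = 22
WMF_HEADER_LEN = 18              # standard META_HEADER
META_EOF = 0x0000
META_SETMAPMODE = 0x0103
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009            # escape sub-function the thread is about
MIN_RECORD_WORDS = 3             # Size (2 words) + RecordFunction (1 word)


def scan_wmf(data: bytes):
    """Walk the record list; return (offset, kind, detail) findings."""
    findings = []
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = PLACEABLE_HEADER_LEN
    if len(data) < off + WMF_HEADER_LEN:
        findings.append((0, "truncated_header", len(data)))
        return findings
    off += WMF_HEADER_LEN
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if func == META_EOF:
            break
        # Check the escape sub-function BEFORE trusting Size: the record type is
        # what makes it interesting, whatever the length field claims.
        if func == META_ESCAPE and off + 10 <= len(data):
            esc_func, _byte_count = struct.unpack_from("<HH", data, off + 6)
            if esc_func == SETABORTPROC:
                findings.append((off, "setabortproc_escape", size_words))
        if size_words < MIN_RECORD_WORDS:
            # A Size below the fixed fields cannot be honoured; stop walking.
            findings.append((off, "bad_record_size", size_words))
            break
        nbytes = size_words * 2
        if off + nbytes > len(data):
            findings.append((off, "record_overruns_file", size_words))
            break
        off += nbytes
    else:
        findings.append((off, "missing_eof", None))
    return findings


# ---- constructed builders, used only to make sample input for the scanner ----

def build_record(func, params=b"", size_words=None):
    """Encode one record; size_words overrides the true size when given."""
    if size_words is None:
        size_words = MIN_RECORD_WORDS + len(params) // 2
    return struct.pack("<IH", size_words, func) + params


def escape_record(esc_func, payload, size_words=None):
    """META_ESCAPE record: EscapeFunction, ByteCount, then opaque data."""
    params = struct.pack("<HH", esc_func, len(payload)) + payload
    return build_record(META_ESCAPE, params, size_words)


def build_wmf(records):
    """Minimal disk metafile: standard header, the records, then META_EOF."""
    body = b"".join(records) + build_record(META_EOF)
    total_words = (WMF_HEADER_LEN + len(body)) // 2
    max_record = max((len(r) // 2 for r in records), default=MIN_RECORD_WORDS)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, total_words, 0, max_record, 0)
    return header + body


if __name__ == "__main__":
    # Opaque escape data (constructed, all zeros); only the record type matters here.
    blob = b"\x00" * 8
    samples = {
        "benign": build_wmf([build_record(META_SETMAPMODE, struct.pack("<H", 8))]),
        "escape_true_size": build_wmf([escape_record(SETABORTPROC, blob)]),
        "escape_size_1": build_wmf([escape_record(SETABORTPROC, blob, size_words=1)]),
    }
    for name, blob_file in samples.items():
        print(name, scan_wmf(blob_file))
```

Running the three constructed samples shows the scanner reporting the SETABORTPROC escape both when Size is honest and when it is set to 1, with the impossible length reported as a separate finding, so detection does not hinge on any one length value.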