Re: [Full-disclosure] AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows

-----Original Message-----
From: reepex
Sent: Dec 25, 2007 10:53 PM
To: Elazar Broad , full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows

On Dec 25, 2007 5:29 PM, Elazar Broad <elazarb@xxxxxxxxxxxxx> wrote:

The AOL YGP Picture Editor Control(AIM PicEditor Control) version 9.5.1.8 suffers from multiple exploitable buffer overflows in various properties. This object is marked safe for scripting. I have not tested other versions. PoC as follows:

How does a bunch of 'A's prove something is exploitable?

Relevant Pages

• Re: [Full-disclosure] (no subject)
  ... reepex wrote: ... > Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
  (Full-Disclosure)
• Re: [Full-disclosure] Flash that simulates virus scan
  ... well, confusing reepex with an infosec worker is pretty bad, but we ... Full-Disclosure - We believe in it. ... Hosted and sponsored by Secunia - http://secunia.com/ ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ...
  (Full-Disclosure)
• Re: [Full-disclosure] (no subject)
  ... reepex wrote: ... > Full-Disclosure - We believe in it. ... > Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
  (Full-Disclosure)
• Re: [Full-disclosure] (no subject)
  ... reepex wrote: ... > Full-Disclosure - We believe in it. ... > Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
  (Full-Disclosure)
• Re: [Full-disclosure] (no subject)
  ... reepex wrote: ... > Full-Disclosure - We believe in it. ... > Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
  (Full-Disclosure)