Re: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS

From: Manu Benoît (tseeker_at_nocternity.net)
Date: 06/07/05

  • Next message: Steven M. Christey: "Second-Order Symlink Vulnerabilities"
    To: bugtraq@securityfocus.com
    Date: Tue, 7 Jun 2005 20:47:56 +0200
    
    

    > .text:12081BDB mov ebx, [esp+arg_C]
    > .text:12081BDF test ebx, ebx
    > .text:12081BE1 jbe short loc_12081C1A
    > .text:12081C13 dec ebx
    > .text:12081C14 mov ecx, esi
    > .text:12081C16 jnz short loc_12081BED
    > .text:12081C18 pop edi
    > .text:12081C19 pop esi

    Unless I'm mistaken, the second line sets the Zero Flag if ebx (the argument)
    is null then jumps after the end of the loop if the flag is set.

    Which means that the count gets checked before entering the loop, and there
    shouldn't be any problem.

    -- 
    TSeeker <tseeker@nocternity.net>
    

  • Next message: Steven M. Christey: "Second-Order Symlink Vulnerabilities"

    Relevant Pages