RE: old netscape vuln - affecting XP/explorer?

From: Ian Webb (webbi@sapc.edu)
Date: 09/07/02


From: "Ian Webb" <webbi@sapc.edu>
To: <vuln-dev@securityfocus.com>
Date: Sat, 7 Sep 2002 08:21:16 -0400

I can't reproduce on XP Pro, all current hotfixes. I *do* have MS02-050
patched, so maybe that's the difference. I don't see how it possibly
could be, though. (I don't have the MS02-049 patch installed, as I don't
have Visual Foxpro on this system.) The only other difference I can
think of is that I have the WMP 9 beta installed.

Anyone else been able to reproduce this?

-----Original Message-----
From: cassidy macfarlane [mailto:cmac23@barrysworld.com]
Sent: Friday, September 06, 2002 7:57 AM
To: vuln-dev@securityfocus.com
Subject: old netscape vuln - affecting XP/explorer?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi
I posted this to bugtraq, but was advised to post here..

I d/loaded the old 'crash-netscape.jpg' from secfocus (id 1503,
http://online.securityfocus.com/data/vulnerabilities/exploits/crash-nets
cape.jpg )
Sorry if it wraps

intending to have a play with Mozilla ;). I stuck it into my cygwin
dir on my local HD.

When I browse to this folder using explorer (***Tiles view***),
I get an explorer restart. (all open explorer windows close, but apps
persist)

/snip
Faulting application explorer.exe, version 6.0.2600.0, faulting
module ntdll.dll, version 5.1.2600.0, fault address 0x00003812.

0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 36 e 6.0.26
0028: 30 30 2e 30 20 69 6e 20 00.0 in
0030: 6e 74 64 6c 6c 2e 64 6c ntdll.dl
0038: 6c 20 35 2e 31 2e 32 36 l 5.1.26
0040: 30 30 2e 30 20 61 74 20 00.0 at
0048: 6f 66 66 73 65 74 20 30 offset 0
0050: 30 30 30 33 38 31 32 0d 0003812.
0058: 0a .

/end snip

I'm running XP Pro, all hotfixes (apart from today's....MS02-049 and
MS02-050...yawn)

Does anyone else get the same?
Is this exploitable? - I get the same address (0x0003812) every
time...is this adjustable with the header/etc in the dodgy .jpg?

TIA, and apologies if this is known or a misconfiguration.

Cassidy Macfarlane
Group IT
www.tenongroup.com

PGP fingerprint: 31A2 1A52 6CB9 E91C 27D8 9C5C FC40 4FD7 5E96 E1A4

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPXiXUvxAT9deluGkEQIuewCgzZPslfiGX/EbwH3SEPXw2k5MHxsAoIMv
WyrI7Lv3qUtHxGtfbboxOkJB
=sXVg
-----END PGP SIGNATURE-----


