Does IE object type overflow work only on an Administrator account?
From: kathy tuckey (kdtuckey_at_hotmail.com)
Date: 07/24/03
To: vuln-dev@securityfocus.com
Date: Thu, 24 Jul 2003 18:03:07 +0000
I'm puzzled by the following behaviour on a default install of Windows XP Pro
(IE 6.0):

Using an HTML page containing:

<object type = "[/x64]AAAAAAAAAAAAAAAAAA">whatever</object>

As a user with Administrator privileges with default security settings, IE
crashes (buffer is overflowed). As a user with Administrator privileges with
IE security settings set to "high", IE still crashes.

As a user with limited privileges, the page loads fine and "whatever"
appears on the screen. IE doesn't crash. The urlmon function causing the
buffer overflow is never called by IE (the breakpoint doesn't break). In
this case, changing IE's security settings to "low" doesn't make a
difference.

Does IE treat a user with limited privileges differently than with
Administrator privileges? Am I simply missing a setting somewhere?
Any words of wisdom?
Thanks,
Kathy