Re: Is it possible?

From: Matt Gibson (mattg_at_blueedgetech.ca)
Date: 08/29/05 

Date: Sun, 28 Aug 2005 19:57:53 -0700

Far too many ways to list.

Rogue ActiveX control, Buffer overflow in embedded Midi....

That's like asking "how long is a piece of string".

Matt Gibson - GSEC

Relevant Pages

  • iDEFENSE OSF1/Tru64 3.x vuln clarification
    ... VU#510235 - dtsession vulnerable to buffer overflow via long string of ... characters supplied as "-contextDir" command line argument ... > - the type of vulnerability ...
    (Bugtraq)
  • [Full-Disclosure] iDEFENSE OSF1/Tru64 3.x vuln clarification
    ... VU#510235 - dtsession vulnerable to buffer overflow via long string of ... characters supplied as "-contextDir" command line argument ... > - the type of vulnerability ...
    (Full-Disclosure)
  • Listbox And Combobox Control Buffer Overflow
    ... = Listbox And Combobox Control Buffer Overflow ... As past history has shown us, Windows has many buffer overflow resulting ... Pointer to the null-terminated string that ... After sending a message with a large pathname utilman will cause an ...
    (Bugtraq)
  • [Full-Disclosure] Listbox And Combobox Control Buffer Overflow
    ... = Listbox And Combobox Control Buffer Overflow ... As past history has shown us, Windows has many buffer overflow resulting ... Pointer to the null-terminated string that ... After sending a message with a large pathname utilman will cause an ...
    (Full-Disclosure)
  • Re: Privilege-escalation attacks on NT-based Windows are unfixable
    ... > Buffer overflow is allowed by the fact that C has structures (arrays, ... "string", which puts a zero at the end. ... since the low-level nature of what's being done is not obfuscated. ... but the language used should be lower-level than C. ...
    (comp.os.ms-windows.nt.admin.security)