[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!))
- To: "Berend-Jan Wever" <skylined@xxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!))
- From: "Menashe Eliezer" <menashe@xxxxxxxxxx>
- Date: Mon, 8 Nov 2004 00:21:43 +0200
The published exploit is working also with the <EMBED> tag, and not just
with the <IFRAME> and the <FRAME> tags.
Finjan's advisory can be found at:
http://www.finjan.com/SecurityLab/AttackandExploitReports/alert_show.asp
?attack_release_id=114
==
Regards,
Menashe Eliezer
Senior application security architect
Malicious Code Research Center
Finjan Software
http://www.finjan.com/mcrc
Prevention is the best cure!
-----Original Message-----
From: morning_wood [mailto:se_cur_ity@xxxxxxxxxxx]
Sent: Tuesday, November 02, 2004 3:44 PM
To: Berend-Jan Wever; full-disclosure@xxxxxxxxxxxxxxxx;
bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME
property bufferoverflow PoC exploit (was: python does mangleme (with IE
bugs!))
bindshell success ( html run from local ) connect from remote success...
this is NASTY
if shellcode modified this will do reverse or exe drop i assume....
good work,
Donnie Werner
-----------------------------------------------
This message was scanned for malicious content and viruses by Finjan Internet
Vital Security 1Box(tm)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html