
[Full-Disclosure] Re: Re: Microsoft Windows LoadImage API Integer Buffer overflow



I don't see why one would need a script to exploit the hole.

In any event, I'd like to shim the API to catch this bug, since the fat and
sassy millionaire monopolists at Microsoft are unlikely to get off their
derrieres to fix the bug during Christmas. Unfortunately, it's part of a big
system DLL with tons of entry points. How best to shim it?

--Brett

At 07:19 PM 12/24/2004, flashsky wrote:
  

> This vul can be exploited; at
> http://www.xfocus.net/flashsky/icoExp/index.html I give a test exp (opens
> port 28876) for Windows XP SP1, but it needs an HTML script to run and
> allocate memory.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html