Hi all,

Here's an exploit for the ANI stack overflow, written for win2ksp4en, IE SP1. Dunno if it will work for other platforms, might need some more tweaking of the ani file. Let me know if it doesn't work, but only if you can hand me some proper debugging details.

Patch: http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx

Host-based products such as Qwik-Fix Pro from PivX already protect against this vulnerability by completely disabling the .ANI file format; I found this out after trying to trigger the vuln unsuccessfully for 10 minutes. It took me another 10 after turning off Qwik-Fix to write the exploit.

Since my ISP detects it as "Exploit.HTML.IFrameBOF-4" I put the thing in a password protected zip file. The password is "margrieta".

Cheers,
Berend-Jan Wever
SMTP: <skylined@xxxxxxxxxxxxxxx>
HTTP: http://www.edup.tudelft.nl/~bjwever
MSN: Skylined@xxxxxxxxxxxxxxx
IRC: SkyLined in #SkyLined on EFNET
PGP: key ID 0x48479882
Attachment: anieeye.zip
Description: Binary data
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html