[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Buffer Overflow vulnerability in Windows Display Manager [Suspected]
- To: Stan Bubrouski <stan.bubrouski@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Buffer Overflow vulnerability in Windows Display Manager [Suspected]
- From: InfoSecBOFH <infosecbofh@xxxxxxxxx>
- Date: Mon, 2 Jan 2006 10:54:23 -0800
Crash dump would be nice too.
I have seen this once before but had issues replicating it with other
display drivers.
On 1/2/06, Stan Bubrouski <stan.bubrouski@xxxxxxxxx> wrote:
> Well if you look at the fact there is no title on titlebar and the
> fact the active tab is Untitled, I'd hazard to guess its something he
> manually entered into the address bar, and so we don't even know if
> this is exploitable by clicking a link or whatnot.
>
> Not exactly sure why this was posted if no details are provided.
> Anything else for us Sumit?
>
> -sb
>
> On 1/2/06, Lise Moorveld <lise_moorveld@xxxxxxxxx> wrote:
> > Dear Sumit,
> >
> > Could you tell me how you exploited this buffer
> > overflow issue in Firefox so I can try and reproduce
> > it? I notice a lot of A's in your address bar but I'm
> > not sure whether that's it and if so, how many A's are
> > used.
> >
> > Regards,
> >
> > Lise
> >
> > --- Sumit Siddharth <sumit.siddharth@xxxxxxxxx> wrote:
> >
> > > Hi,
> > > The Windows display manager crashes when a BOF is
> > > attempted on a mozilla
> > > firefox.
> > > This has different results on different windows
> > > machine.
> > > In Windows XP only the display manager crashes ,
> > > whereas on a Windows 2000
> > > server the BSOD(Blue screen of death )appears and
> > > the system hangs.
> > > I am using Firefox 1.0.6. I think that the bug is in
> > > the display driver and
> > > not with firefox. Kindly find a screen shot attached
> > > with this email.
> > >
> > > Thanks
> > > Sumit
> > >
> > >
> > > --
> > >
> > > Sumit Siddharth
> > > Information Security Analyst
> > > NII Consulting
> > > Web: www.nii.co.in
> > > ------------------------------------
> > > NII Security Advisories
> > > http://www.nii.co.in/resources/advisories.html
> > > ------------------------------------
> > > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> > >
> > http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia -
> > http://secunia.com/
> >
> >
> >
> >
> > __________________________________________
> > Yahoo! DSL – Something to write home about.
> > Just $16.99/mo. or less.
> > dsl.yahoo.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/