[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Internet Explorer Ver6.0.2800.1106 vulnerability

No *obvious* way to inject code. Don't rule out something like this working: 

<script>
var exploit96 = "some long-ass string that's just printable-96 chars"
var wwidth = (window.innerWidth)?yadda yadda...

and exploit96 just happens to end up someplace interesting/useful, and
gets successfully interpreted as executable code.....

A few years ago, somebody found an interesting overflow-the-environment
bug in a lot of telnetd's.  Of course, the *tough* part was the fact
that you had to cram literally 45 megabytes or so of crap down telnetd's
throat first, to get the memory layout where you needed it for when
something overflowed a buffer......


Ah, I am enlightened.

Pritty bloody tricky thing though.

Aaron

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/