[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] QuickZip 0day detailed write-up

To: "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] QuickZip 0day detailed write-up
From: Security <security@xxxxxxxxxx>
Date: Mon, 15 Mar 2010 19:24:23 +0100

In case some of you missed it - I published 2 articles on the Offensive 
Security Blog (last one was published a few hours ago), explaining the process 
of building a (not so typical) SEH based exploit for a QuickZip 0day 
vulnerability.

Part 1 : 
http://www.offensive-security.com/blog/vulndev/quickzip-stack-bof-0day-a-box-of-chocolates/

Part 2 : 
http://www.offensive-security.com/blog/vulndev/quickzip-stack-bof-a-box-of-chocolates-part-2/


Enjoy !

Corelanc0d3r


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] SecurityFocus to partially shut down
Next by Date: Re: [Full-disclosure] SecurityFocus to partially shut down
Previous by thread: [Full-disclosure] ZDI-10-029: Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability
Next by thread: [Full-disclosure] Two goodies. uw-imapd < 2004b remote exploit && spamass-milter vuln verifier
Index(es):
- Date
- Thread