[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Skype 5.3.*.5.2.* Critical Pointer Vulnerability
- To: Levent Kayan <levonkayan@xxxxxxx>
- Subject: Re: [Full-disclosure] Skype 5.3.*.5.2.* Critical Pointer Vulnerability
- From: Mario Vilas <mvilas@xxxxxxxxx>
- Date: Tue, 23 Aug 2011 01:06:03 +0200
Oh, and BTW...
--- Violation Exception Log ---
0:034> g
(f10.ed4): Unknown exception (first chance)
(f10.ed4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=c07ca54b ebx=a96959bc ecx=d8f10db2 edx=0000155f esi=d7263481 edi=3e294540
eip=25c50116 esp=37f91000 ebp=50601616 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
25c50116 cd01 int 1
0:000> !exchain
0018e8f8:
Skype+8be3a0 (00cbe3a0)
This doesn't look like an exploitable buffer overflow to me. I think
you just stumbled upon Skype's anti-debug measures.
On Tue, Aug 23, 2011 at 1:02 AM, Mario Vilas <mvilas@xxxxxxxxx> wrote:
> Perhaps you should post the contents of the advisory here as well. Many
> people won't happily click on a link without any explanations.
>
> On Mon, Aug 22, 2011 at 9:14 PM, Levent Kayan <levonkayan@xxxxxxx> wrote:
>
>> hello,
>>
>> http://vulnerability-lab.com/get_content.php?id=180
>>
>>
>> cheers,
>> noptrix
>>
>> --
>> Name: Levent 'noptrix' Kayan
>> E-Mail: noptrix@xxxxxxxxxxxxxxx
>> GPG key: 0x014652c0
>> Key fingerprint: ABEF 4B4B 5D93 32B8 D423 A623 823D 4162 0146 52C0
>> Homepage: http://www.noptrix.net/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
>
> --
> “There's a reason we separate military and the police: one fights the enemy
> of the state, the other serves and protects the people. When the military
> becomes both, then the enemies of the state tend to become the people.”
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/