[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] VLC media player MKV Parsing POC

To: kaveh ghaemmaghami <kavehghaemmaghami@xxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] VLC media player MKV Parsing POC
From: Mario Vilas <mvilas@xxxxxxxxx>
Date: Wed, 10 Jul 2013 11:06:58 +0200

On Wed, Jul 10, 2013 at 10:57 AM, kaveh ghaemmaghami <
kavehghaemmaghami@xxxxxxxxxxxxxx> wrote:

> 1.The crash you showed does not control eip
>  (its not a stack-based bof)
>

And? You still need to control EIP or the exploit doesn't, you know,
actually work. :P

> 2.not even arbitrary memory
> (check further instructions)
>

You posted only one instruction and it's a read operation, proving nothing.
You're either lazy or don't actually get what's going on.

-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] VLC media player MKV Parsing POC
  - From: Źmicier Januszkiewicz

References:
- [Full-disclosure] VLC media player MKV Parsing POC
  - From: kaveh ghaemmaghami
- Re: [Full-disclosure] VLC media player MKV Parsing POC
  - From: kaveh ghaemmaghami

Prev by Date: Re: [Full-disclosure] VLC media player MKV Parsing POC
Next by Date: Re: [Full-disclosure] VLC media player MKV Parsing POC
Previous by thread: Re: [Full-disclosure] VLC media player MKV Parsing POC
Next by thread: Re: [Full-disclosure] VLC media player MKV Parsing POC
Index(es):
- Date
- Thread