Full Disclosure mailing list archives
RE: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!))
From: "Menashe Eliezer" <menashe () finjan com>
Date: Mon, 8 Nov 2004 00:21:43 +0200
The published exploit is working also with the <EMBED> tag, and not just with the <IFRAME> and the <FRAME> tags. Finjan's advisory can be found at: http://www.finjan.com/SecurityLab/AttackandExploitReports/alert_show.asp ?attack_release_id=114 == Regards, Menashe Eliezer Senior application security architect Malicious Code Research Center Finjan Software http://www.finjan.com/mcrc Prevention is the best cure! -----Original Message----- From: morning_wood [mailto:se_cur_ity () hotmail com] Sent: Tuesday, November 02, 2004 3:44 PM To: Berend-Jan Wever; full-disclosure () lists netsys com; bugtraq () securityfocus com Subject: Re: [Full-disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) bindshell success ( html run from local ) connect from remote success... this is NASTY if shellcode modified this will do reverse or exe drop i assume.... good work, Donnie Werner ----------------------------------------------- This message was scanned for malicious content and viruses by Finjan Internet Vital Security 1Box(tm) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Berend-Jan Wever (Nov 01)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) morning_wood (Nov 02)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Georgi Guninski (Nov 09)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) pachiderme pachiderme (Nov 09)
- <Possible follow-ups>
- RE: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Menashe Eliezer (Nov 07)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Berend-Jan Wever (Nov 07)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) patryn (Nov 08)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Valdis . Kletnieks (Nov 08)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Jim Geovedi (Nov 09)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Berend-Jan Wever (Nov 07)