Full Disclosure mailing list archives
Re: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POCExploit
From: "Clemens, Dan" <Dan.Clemens () healthsouth com>
Date: Fri, 17 Sep 2004 20:37:23 -0500
I may not have a clue but when I read the email from the author of this "POC" it stated that it was a poc to show where the overflow will occur and doesn't actually exploit the vulnerability. Furthermore the vulnerability is a heap based overflow which means that successful worm like exploitation isn't really the highest possibility as you suggest in your fear based email. Simply, Dan -----Original Message----- From: admin () exploitwatch org <admin () exploitwatch org> To: full-disclosure () lists netsys com <full-disclosure () lists netsys com>; bugtraq () securityfocus com <bugtraq () securityfocus com>; vulnwatch () vulnwatch org <vulnwatch () vulnwatch org> Sent: Fri Sep 17 03:50:01 2004 Subject: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POCExploit A PoC for the Windows XP JPEG has been published. Because of the potential impact, it is anticipated that this exploit will be widely used by worms and other malware within a short period of time. http://www.gulftech.org/?node=downloads Regards, admin () exploitwatch org http://exploitwatch.org Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POCExploit Clemens, Dan (Sep 17)