Full Disclosure mailing list archives

(no subject)


From: "Berend-Jan Wever" <skylined () edup tudelft nl>
Date: Wed, 12 Jan 2005 10:39:03 +0100

Hi all,

Here's an exploit for the ANI stack overflow, written for win2ksp4en, IE SP1. Dunno if it will work for other 
platforms, might need some more tweaking of the ani file. Let me know if it doesn't work, but only if you can hand me 
some proper debugging details.

Patch: http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
Host-based products such as Qwik-Fix Pro from PivX already protect against this vulnerability by completely disabling 
the .ANI file format. I found this out after trying to trigger the vuln unsuccessfully for 10 minutes. It took me 
another 10 after turning off Qwik-Fix to write the exploit.

Since my ISP detects it as "Exploit.HTML.IFrameBOF-4", I put the thing in a password-protected zip file. The password is 
"margrieta".

Cheers,

Berend-Jan Wever
SMTP: <skylined () edup tudelft nl>
HTTP: http://www.edup.tudelft.nl/~bjwever
MSN: Skylined () edup tudelft nl
IRC: SkyLined in #SkyLined on EFNET
PGP: key ID 0x48479882

Attachment: anieeye.zip

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
