Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected]

From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Mon, 02 Jan 2006 22:29:57 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
he said me offline around 52000 chars , and you do not need to press
ok to trigger it, its supposed to occur when do you copy paste the
chars within the area, however here nothing happen on xp sp2 en +
firefox 1.5 , I can just see my AAA buffer replaced by a blank buffer
once I paste it in the box..




Stan Bubrouski wrote:

Well if you look at the fact there is no title on titlebar and the
fact the active tab is Untitled, I'd hazard to guess its something he
manually entered into the address bar, and so we don't even know if
this is exploitable by clicking a link or whatnot.

Not exactly sure why this was posted if no details are provided.
Anything else for us Sumit?

-sb

On 1/2/06, Lise Moorveld <lise_moorveld () yahoo com> wrote:

Dear Sumit,

Could you tell me how you exploited this buffer
overflow issue in Firefox so I can try and reproduce
it? I notice a lot of A's in your address bar but I'm
not sure whether that's it and if so, how many A's are
used.

Regards,

Lise

--- Sumit Siddharth <sumit.siddharth () gmail com> wrote:


Hi,
The Windows display manager crashes when a BOF is
attempted on a mozilla
firefox.
This has different results on different windows
machine.
In Windows XP only the display manager crashes ,
whereas on a Windows 2000
server the BSOD(Blue screen of death )appears and
the system hangs.
I am using Firefox 1.0.6. I think that the bug is in
the display driver and
not with firefox. Kindly find a screen shot attached
with this email.

Thanks
Sumit


--

Sumit Siddharth
Information Security Analyst
NII Consulting
Web: www.nii.co.in
------------------------------------
NII Security Advisories
http://www.nii.co.in/resources/advisories.html
------------------------------------

_______________________________________________

Full-Disclosure - We believe in it.
Charter:


http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia -

http://secunia.com/




__________________________________________
Yahoo! DSL ? Something to write home about.
Just $16.99/mo. or less.
dsl.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


----------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ7mbVK+LRXunxpxfAQLGTxAArIU8bpjYUITigxk5qhadp68ug9qrF3Db
hd/lmUF1G2R6jbG97OC9C0HkNJZdgg61xMPPlsNwBIfk7qxcMeXSE23I5y/T2nDX
E4gNdiGqmhXa+maLeSYII3YqxVIeAENh6LL/oE9wiiajkrCj9QI2lcfYe6GJZkv5
yW2INyTOWt/Qca465HoV1PwTt6taO5R/AyjTKoO8PjaukUPHrMYt2tJY+p0KvrRc
fpvbIXMNQ80/1gTE7KCJeMDtzeiNH8JwxebNpOyU6lcnyLtNH7FSup21DyBJWTg0
bvwpvGQetPbFhJttqtWv6tJU7vF3NE4Q6sASV2EokcjYbAkts+fkxi+zrrVhgLWA
kLFpq8OVV+XxmIcR686xGnJhxnlHtrfAT8A8OFwkzvRQnsv4N6UMXXrHJFWh+uJ5
cyWMzaGdUvVkobcFwUvWyG26TsT4Nap56bi/VOVKxkyRrdVPRCTzqHL80GqBJ/I2
SQeE6Q7/b4HL8rreAvUBhP3N0zctxjUTAnfiTS7+XTYsuj8Q5UVKk9rNFRl/9pif
zG5kQCEGzQmWSnMi5OfAheuVJMorb4tVta0/l5kgIas/DCv74VwQ5p7EnfBErX5p
aQLia8VosnSSjPf9Yx7hzOvqQR+e8W1uIHiKXhbxGTnl/HiJvLvnqskxGwajnSPJ
10D7YhdlAHE=
=/Zt9
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: