Full Disclosure mailing list archives

Re: Two windows exploits in the wild


From: don bailey <don.bailey () gmail com>
Date: Thu, 11 Dec 2008 09:56:39 -0700

On a more interesting note, I feel that Slashdot should screen their
writers better. Here is a quote that I saw: "The exploit is a typical
heap overflow that appears to be exploiting something in the XML
parser." Try to have someone that knows what a heap overflow is look over
the article next time. If it's a heap overflow we know it's exploiting a
heap within the program.


Actually, this seems fine to me. Yes, it's manipulating some heap
construct for the purpose of executing injected code, but what
I think this statement is trying to relay is that the author isn't
sure exactly what in the XML parser is being exploited. Obviously,
there are 1,000,000 ways to get to Detroit, so to speak. It could
be a specific XML module, or it could be something in the core
language parser. It might be related to a non-XML library that is
loaded as a result of parsing XML data in a certain way, etc. I
think, in this case, we can give the author a break.

D