Full Disclosure mailing list archives
Re: Two windows exploits in the wild
From: don bailey <don.bailey () gmail com>
Date: Thu, 11 Dec 2008 09:56:39 -0700
> On a more interesting note, I feel that Slashdot should screen their writers better. Here is a quote that I saw: "The exploit is a typical heap overflow that appears to be exploiting something in the XML parser." Try to have someone that knows what a heap overflow is look over the article next time. If it's a heap overflow we know it's exploiting a heap within the program.

Actually, this seems fine to me. Yes, it's manipulating some heap construct for the purpose of executing injected code.. but, what I think this statement is trying to relay is that the author isn't sure exactly what in the XML parser is being exploited.

Obviously, there are 1,000,000 ways to get to Detroit, so to speak. It could be a specific XML module, or it could be something in the core language parser. It might be related to a non-XML library that is loaded as a result of parsing XML data in a certain way, etc.

I think, in this case, we can give the author a break.

D

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:
- Two windows exploits in the wild James Matthews (Dec 11)
- Re: Two windows exploits in the wild don bailey (Dec 11)