Full Disclosure mailing list archives
Move Networks Quantum Streaming Player UploadLogs() Buffer Overflow
From: "Elazar Broad" <elazar () hushmail com>
Date: Tue, 26 Feb 2008 00:30:09 -0500
Who:
Move Networks
http://www.movenetworks.com/

What:
Move Networks is a streaming media provider whose clients include Fox, ABC, ESPN etc. They employ an ActiveX control to display content in the client's browser.

How:
qsp2ie07074039.dll
version 7.7.4.39 (digitally signed Tuesday, September 18, 2007 7:10:35PM)
{E473A65C-8087-49A3-AFFD-C5BC4A10669B}

The url parameter of the UploadLogs() method is vulnerable to a buffer overflow.

Workaround:
Set the killbit for this control, see http://support.microsoft.com/kb/240797

Fix:
No official fix known

Exploit:
Will be posted on milw0rm.com

Elazar