funsec mailing list archives
Fun with: disassembling GDI32.dll
From: "Hubbard, Dan" <dhubbard () websense com>
Date: Mon, 6 Feb 2006 15:13:56 -0800
For those interested, we just posted this on our blog: Microsoft Windows is vulnerable to remote code execution in GDI32.dll (Graphical Device Interface). An exploit containing this vulnerability was found in the wild by Websense Security Labs on 12/27/2005. This vulnerability was exploited in the wild as early as 12/15/2005 to install various malicious programs. In order to successfully exploit this vulnerability, an attacker is only required to lure the victim to an infected website. The number of websites currently hosting malicious code has steadily increased since the exploit was made public. This paper will disassemble GDI32.dll and provide a detailed analysis of the code flow leading to the vulnerability. Readers are expected to be familiar with x86 assembly instructions to follow this document. http://www.websensesecuritylabs.com/images/alerts/ms06-001.pdf _______________________________ Dan Hubbard Security & Technology Research Websense Security Labs http://www.WebsenseSecurityLabs.com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Fun with: disassembling GDI32.dll Hubbard, Dan (Feb 06)