Full Disclosure mailing list archives
Re: Firefox 0.92 DoS via TinyBMP
From: David Huecking <d.huecking () gmx net>
Date: Mon, 12 Jul 2004 19:14:02 +0200
Hmm, very funny modified BMPs?! david@moria:~/tiny> wget -r http://www.4rman.com/exploits/tinybmp.htm [...] david@moria:~/tiny/www.4rman.com/exploits> ll insgesamt 44 -rw-r--r-- 1 david users 58 2004-04-07 23:05 little.bmp -rw-r--r-- 1 david users 58 2004-04-07 23:05 little10.bmp -rw-r--r-- 1 david users 58 2004-04-07 23:04 little2.bmp -rw-r--r-- 1 david users 58 2004-04-07 23:04 little3.bmp -rw-r--r-- 1 david users 58 2004-04-07 23:04 little4.bmp -rw-r--r-- 1 david users 58 2004-04-07 23:04 little5.bmp -rw-r--r-- 1 david users 58 2004-04-07 23:05 little6.bmp -rw-r--r-- 1 david users 58 2004-04-07 23:05 little7.bmp -rw-r--r-- 1 david users 58 2004-04-07 23:05 little8.bmp -rw-r--r-- 1 david users 58 2004-04-07 23:05 little9.bmp -rw-r--r-- 1 david users 822 2004-04-07 23:05 tinybmp.htm david@moria:~/tiny/www.4rman.com/exploits> file * little.bmp: PC bitmap data, Windows 3.x format, 1114111 x 202 x 24 little10.bmp: PC bitmap data, Windows 3.x format, 1114111 x 6 x 24 little2.bmp: PC bitmap data, Windows 3.x format, 1114111 x 121 x 24 little3.bmp: PC bitmap data, Windows 3.x format, 1114111 x 89 x 24 little4.bmp: PC bitmap data, Windows 3.x format, 1114111 x 52 x 24 little5.bmp: PC bitmap data, Windows 3.x format, 1114111 x 40 x 24 little6.bmp: PC bitmap data, Windows 3.x format, 1114111 x 24 x 24 little7.bmp: PC bitmap data, Windows 3.x format, 1114111 x 24 x 24 little8.bmp: PC bitmap data, Windows 3.x format, 1114111 x 6 x 24 little9.bmp: PC bitmap data, Windows 3.x format, 1114111 x 6 x 24 tinybmp.htm: HTML document text Pretty wide/ large Bitmaps in 24Bit color-depth. OK, and now some mathematics: (only the full MBs) 1114111 * 202 * 3 Byte = 644 MB 1114111 * 6 * 3 Byte = 19 MB 1114111 * 121 * 3 Byte = 385 MB 1114111 * 89 * 3 Byte = 283 MB 1114111 * 52 * 3 Byte = 165 MB 1114111 * 40 * 3 Byte = 127 MB 1114111 * 24 * 3 Byte = 76 MB 1114111 * 24 * 3 Byte = 76 MB 1114111 * 6 * 3 Byte = 19 MB 1114111 * 6 * 3 Byte = 19 MB All in all: 1812 MB. Should be enough to fill the one or other main memory... Just for fun opened little10.bmp with gimp and saved it as tif: david@moria:~/tiny/www.4rman.com/exploits> ll -h little10.* -rw-r--r-- 1 david users 58 2004-04-07 23:05 little10.bmp -rw-r--r-- 1 david users 20M 2004-07-12 19:12 little10.tif So we see the true nature of this picture. On Montag, 12. Juli 2004 13:23, thE_iNviNciblE wrote:
Hi, there is a security vulnerability in Firebox 0.92 (latest Version) http://www.4rman.com/exploits/tinybmp.htm this link causes that your virutal memory will be rise up 1,2 GB used Memory... maybe Thunderbird 0.72 is also vulnerable via HTML. credits to: StupidWhiteMan
-- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Firefox 0.92 DoS via TinyBMP thE_iNviNciblE (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP Philip (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP William Warren (Jul 12)
- Message not available
- Fwd: Firefox 0.92 DoS via TinyBMP Jordan Cole (stilist) (Jul 12)
- Message not available
- Re: Firefox 0.92 DoS via TinyBMP st3ng4h (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP William Warren (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP Ali Campbell (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP David Huecking (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP st3ng4h (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP Jordan Cole (stilist) (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP Maarten (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP Ali Campbell (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP st3ng4h (Jul 12)
- RE: Firefox 0.92 DoS via TinyBMP Sapheriel (Jul 12)
- RE: Firefox 0.92 DoS via TinyBMP jhaunsystem (Jul 12)
- RE: Firefox 0.92 DoS via TinyBMP Eric Paynter (Jul 13)
- Re: Firefox 0.92 DoS via TinyBMP st3ng4h (Jul 12)
- Re: AW: Firefox 0.92 DoS via TinyBMP Lee Packham (Jul 12)