Full Disclosure mailing list archives
The Bat! libpng bo?
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 4 Nov 2004 18:54:39 +0300
Dear full-disclosure () lists netsys com, It looks like The Bat! uses libpng 1.0.5 and zlib 1.1.3 and is vulnerable to very old buffer overflow and double free bugs. At least it catches exception on http://www.security.nnov.ru/files/libpngbo.png and thread is silently closed... There is no any visual effect, but you can see it in debugger. The rest of The Bat! is written in Delphi. Can anyone confirm if this is exploitable (I know nothing about Borland compilers)? -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles) +-------------o66o--+ / |/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- The Bat! libpng bo? 3APA3A (Nov 04)