Full Disclosure mailing list archives
Re: selling ms office bug
From: <0x80 () hush ai>
Date: Thu, 20 Apr 2006 23:44:32 -0700
Ahaha. Not really because I am pretty sure that he is talking about either an unpatched PPT overflow (malformed powerpoint file) or perhaps even an older one that was found and never reported to MS in Visio. I do understand that its easy to trick users into clicking on something to be owned and yes you can embed any office document in html and have it auto-execute but these types of vulnerabilities are as common as lame XSS vulns or rambling n3td3v posts. Have you ever ran tests on IE? I can crash IE in thousands of ways with malformed content. Some might be exploitable, most are null pointers. But the point is... these issues will probably always exists and there is no real defense against tricking a user into doing something. By the way, I am typing this email after spending the day at the beach in 35 celsius weather getting a sunburn so if they want to join me they can. heh On Thu, 20 Apr 2006 23:25:41 -0700 Valdis.Kletnieks () vt edu wrote:
On Thu, 20 Apr 2006 22:05:23 PDT, 0x80 () hush ai said:You open a file and shellcode runs?Wow... hey guys I have a executable to sell.. all you need to do
isget the user to open it and the code runs compromising the system...sigh......You're just jealous because he's probably going to make enough money to pay for a nice trip to the tropical beach of his choice, *and* be able to brag about how he pwn'ed a whole mess of white hat's boxes and got away with it.. ;)
Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- selling ms office bug ad () heapoverflow com (Apr 19)
- Re: selling ms office bug ad () heapoverflow com (Apr 19)
- Re: selling ms office bug n3td3v (Apr 19)
- Re: selling ms office bug Valdis . Kletnieks (Apr 20)
- Re: selling ms office bug Robert Waters (Apr 20)
- RE: selling ms office bug php0t (Apr 20)
- Re: selling ms office bug Robert Waters (Apr 20)
- <Possible follow-ups>
- Re: selling ms office bug 0x80 (Apr 20)
- Re: selling ms office bug Valdis . Kletnieks (Apr 20)
- Re: selling ms office bug ad () heapoverflow com (Apr 21)
- Re: selling ms office bug 0x80 (Apr 20)
- Re: selling ms office bug 0x80 (Apr 20)
- Re: selling ms office bug 0x80 (Apr 21)
- Re: selling ms office bug ad () heapoverflow com (Apr 19)