Full Disclosure mailing list archives
Re: MS06-0[0]6 Windows Media Player Exploitation [CODE]
From: H D Moore <fdlist () digitaloffense net>
Date: Fri, 17 Feb 2006 08:32:21 -0600
Works well against Firefox 1.5.0.1 on the following systems: - Windows XP SP2 - Windows 2003 SP0 - Windows 2000 SP4 However, it does not work with Opera 8.5 on any platform. Should just be a matter of changing return addresses based on the user-agent though... -HD On Friday 17 February 2006 02:05, Matthew Murphy wrote:
The heap spray technique works very effectively -- you end up with a *sizable* pad in the 0x04a00000 region which you can use as a direct jump point for the payload, without any of the fancy frame manipulation tricks that I am too tired to try at this hour of the night/morning.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MS06-06 Windows Media Player Exploitation c0ntex (Feb 16)
- Re: MS06-06 Windows Media Player Exploitation ad () heapoverflow com (Feb 16)
- Re: MS06-06 Windows Media Player Exploitation ad () heapoverflow com (Feb 16)
- Re: MS06-06 Windows Media Player Exploitation H D Moore (Feb 16)
- Re: MS06-06 Windows Media Player Exploitation c0ntex (Feb 16)
- Re: MS06-06 Windows Media Player Exploitation H D Moore (Feb 16)
- Re: MS06-0[0]6 Windows Media Player Exploitation [CODE] Matthew Murphy (Feb 17)
- Re: MS06-0[0]6 Windows Media Player Exploitation [CODE] H D Moore (Feb 17)
- Re: MS06-0[0]6 Windows Media Player Exploitation [CODE] H D Moore (Feb 17)
- Re: MS06-06 Windows Media Player Exploitation c0ntex (Feb 17)
- Re: MS06-06 Windows Media Player Exploitation c0ntex (Feb 17)
- Re: MS06-06 Windows Media Player Exploitation c0ntex (Feb 16)
- Re: MS06-06 Windows Media Player Exploitation ad () heapoverflow com (Feb 16)