Full Disclosure mailing list archives
Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected]
From: InfoSecBOFH <infosecbofh () gmail com>
Date: Mon, 2 Jan 2006 10:54:23 -0800
Crash dump would be nice too. I have seen this once before but had issues replicating it with other display drivers. On 1/2/06, Stan Bubrouski <stan.bubrouski () gmail com> wrote:
Well if you look at the fact there is no title on titlebar and the fact the active tab is Untitled, I'd hazard to guess its something he manually entered into the address bar, and so we don't even know if this is exploitable by clicking a link or whatnot. Not exactly sure why this was posted if no details are provided. Anything else for us Sumit? -sb On 1/2/06, Lise Moorveld <lise_moorveld () yahoo com> wrote:Dear Sumit, Could you tell me how you exploited this buffer overflow issue in Firefox so I can try and reproduce it? I notice a lot of A's in your address bar but I'm not sure whether that's it and if so, how many A's are used. Regards, Lise --- Sumit Siddharth <sumit.siddharth () gmail com> wrote:Hi, The Windows display manager crashes when a BOF is attempted on a mozilla firefox. This has different results on different windows machine. In Windows XP only the display manager crashes , whereas on a Windows 2000 server the BSOD(Blue screen of death )appears and the system hangs. I am using Firefox 1.0.6. I think that the bug is in the display driver and not with firefox. Kindly find a screen shot attached with this email. Thanks Sumit -- Sumit Siddharth Information Security Analyst NII Consulting Web: www.nii.co.in ------------------------------------ NII Security Advisories http://www.nii.co.in/resources/advisories.html ------------------------------------_______________________________________________Full-Disclosure - We believe in it. Charter:http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia -http://secunia.com/ __________________________________________ Yahoo! DSL – Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Buffer Overflow vulnerability in Windows Display Manager [Suspected] Sumit Siddharth (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Lise Moorveld (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Stan Bubrouski (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] InfoSecBOFH (Jan 02)
- RE: Buffer Overflow vulnerability in WindowsDisplay Manager [Suspected] Paul (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] ad () heapoverflow com (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Sumit Siddharth (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Sumit Siddharth (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] ad () heapoverflow com (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] InfoSecBOFH (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] InfoSecBOFH (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Stan Bubrouski (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Lise Moorveld (Jan 02)
- <Possible follow-ups>
- Buffer Overflow vulnerability in Windows Display Manager [Suspected] casiamo (Jan 02)