Full Disclosure mailing list archives
RE: Buffer Overflow vulnerability in WindowsDisplay Manager [Suspected]
From: "Paul" <pvnick () gmail com>
Date: Tue, 3 Jan 2006 18:10:16 -0500
I can repro this on Windows XP Pro with IE7. However, it does not appear to be exploitable. Internet explorer terminates after attempting to execute the following statement: 034ED914 8C82 60770100 MOV WORD PTR DS:[EDX+17760],ES EDX=0 So it's a null pointer bug. Regards, Paul Greyhats Security -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of InfoSecBOFH Sent: Monday, January 02, 2006 1:54 PM To: Stan Bubrouski Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Buffer Overflow vulnerability in WindowsDisplay Manager [Suspected] Crash dump would be nice too. I have seen this once before but had issues replicating it with other display drivers. On 1/2/06, Stan Bubrouski <stan.bubrouski () gmail com> wrote:
Well if you look at the fact there is no title on titlebar and the fact the active tab is Untitled, I'd hazard to guess its something he manually entered into the address bar, and so we don't even know if this is exploitable by clicking a link or whatnot. Not exactly sure why this was posted if no details are provided. Anything else for us Sumit? -sb On 1/2/06, Lise Moorveld <lise_moorveld () yahoo com> wrote:Dear Sumit, Could you tell me how you exploited this buffer overflow issue in Firefox so I can try and reproduce it? I notice a lot of A's in your address bar but I'm not sure whether that's it and if so, how many A's are used. Regards, Lise --- Sumit Siddharth <sumit.siddharth () gmail com> wrote:Hi, The Windows display manager crashes when a BOF is attempted on a mozilla firefox. This has different results on different windows machine. In Windows XP only the display manager crashes , whereas on a Windows 2000 server the BSOD(Blue screen of death )appears and the system hangs. I am using Firefox 1.0.6. I think that the bug is in the display driver and not with firefox. Kindly find a screen shot attached with this email. Thanks Sumit -- Sumit Siddharth Information Security Analyst NII Consulting Web: www.nii.co.in ------------------------------------ NII Security Advisories http://www.nii.co.in/resources/advisories.html ------------------------------------_______________________________________________Full-Disclosure - We believe in it. Charter:http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia -http://secunia.com/ __________________________________________ Yahoo! DSL – Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.9/217 - Release Date: 12/30/2005 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.11/219 - Release Date: 1/2/2006 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Buffer Overflow vulnerability in Windows Display Manager [Suspected] Sumit Siddharth (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Lise Moorveld (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Stan Bubrouski (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] InfoSecBOFH (Jan 02)
- RE: Buffer Overflow vulnerability in WindowsDisplay Manager [Suspected] Paul (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] ad () heapoverflow com (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Sumit Siddharth (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Sumit Siddharth (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] ad () heapoverflow com (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] InfoSecBOFH (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] InfoSecBOFH (Jan 03)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Stan Bubrouski (Jan 02)
- Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] Lise Moorveld (Jan 02)
- <Possible follow-ups>
- Buffer Overflow vulnerability in Windows Display Manager [Suspected] casiamo (Jan 02)