Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Windows .ANI LoadAniIcon Stack Overflow

From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Tue, 3 Apr 2007 21:51:45 -0400
Alex had said that he was exploiting this bug on Firefox, even though
the Firefox docs say it should be impossible. I'm just trying to
understand how his claims are possible.

There's no reason to believe the Firefox developers need to do anything.
IE, for example, is fixed when the ANI code in GDI is fixed. 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

-----Original Message-----
From: Daniel Veditz [mailto:dveditz () cruzio com] 
Sent: Tuesday, April 03, 2007 9:47 PM
To: George Ou
Cc: Larry Seltzer; 'Alexander Sotirov';
full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

George Ou wrote:

The patch for ANI is out from Microsoft.  I'm assuming the question is



if we will see this technique for Firefox exploitation posted now?


Why? That would needlessly put Firefox users at risk -- not everyone
will be able to apply the Windows patch immediately. Microsoft may have
had since December to craft a patch, but the Firefox team hasn't.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: