Full Disclosure mailing list archives
Re: VLC media player MKV Parsing POC
From: Mario Vilas <mvilas () gmail com>
Date: Wed, 10 Jul 2013 11:06:58 +0200
On Wed, Jul 10, 2013 at 10:57 AM, kaveh ghaemmaghami < kavehghaemmaghami () googlemail com> wrote:
1.The crash you showed does not control eip (its not a stack-based bof)
And? You still need to control EIP or the exploit doesn't, you know, actually work. :P
2.not even arbitrary memory (check further instructions)
You posted only one instruction and it's a read operation, proving nothing. You're either lazy or don't actually get what's going on. -- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.”
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- VLC media player MKV Parsing POC kaveh ghaemmaghami (Jul 09)
- Re: VLC media player MKV Parsing POC kaveh ghaemmaghami (Jul 10)
- Re: VLC media player MKV Parsing POC Mario Vilas (Jul 10)
- Re: VLC media player MKV Parsing POC Źmicier Januszkiewicz (Jul 10)
- Re: VLC media player MKV Parsing POC Mario Vilas (Jul 10)
- Re: VLC media player MKV Parsing POC kaveh ghaemmaghami (Jul 10)
- <Possible follow-ups>
- Re: VLC media player MKV Parsing POC Edward Tivrusky (Jul 10)
- Re: VLC media player MKV Parsing POC kaveh ghaemmaghami (Jul 10)