funsec mailing list archives

RE: Is The .WMF Exploit A ConsPiracy Gone Bad?


From: "Thomas Mannfred Carlsson" <thomas () carlsson fm>
Date: Sat, 14 Jan 2006 12:41:00 -0000

On 13 Jan 2006 at 19:40, Thomas Mannfred Carlsson wrote:

> Can anyone here who has experimented with the
> WMF vulnerability confirm or deny that portion of
> the Gibson announcement (i.e. that the vulnerability
> can only be triggered in Windows systems with Size
> = 1)?

Just as a follow-up, a quick look at published WMF exploits to date 
suggests that successful exploitation can use different sizes than 1 
(e.g. 4 in Metasploit, 17 in Ilfak's tester), so either Gibson has 
stumbled on something new/different (i.e. maybe he uses a different 
function number, and this is a whole new issue), or it may 
simply be a coding/interpretation error in his testbed (in which case 
my heart goes out to the lad; I'm sure we all know what it's like to 
discover something seemingly unprecedented and then force ourselves 
to calmly and carefully recheck the data, processes etc. before 
drawing any significant conclusions).

Best Regards,

Thomas

-- 
  Thomas Mannfred Carlsson
  Researcher/Consultant
  e-mail: thomas () carlsson fm
  Public PGP key: http://www.beige.org/pgp.txt

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
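An added example, not part of Thomas's post or the funsec thread: a small WMF record walker that reports the declared Size field of any META_ESCAPE record carrying the SETABORTPROC escape subtype, so the "Size = 1" claim can be checked against an actual file rather than argued about. Record layout follows the standard WMF format; the sample bytes are constructed here and contain no executable payload.

```python
import struct

META_ESCAPE = 0x0626        # record function number for GDI escapes
SETABORTPROC = 0x0009       # escape subtype abused by the WMF exploits
META_EOF = 0x0000
PLACEABLE_MAGIC = 0x9AC6CDD7

def wmf_records(data):
    """Yield (offset, size_in_words, function) for each WMF record.
    Stops on EOF, truncated data, or a record too small to be valid
    (Size < 3 words), so an undersized record cannot loop the walker."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22                      # skip the Aldus placeable header
    if len(data) < off + 18:
        return
    header_words = struct.unpack_from("<H", data, off + 2)[0]
    off += header_words * 2           # standard header is 9 words (18 bytes)
    while off + 6 <= len(data):
        size, func = struct.unpack_from("<IH", data, off)
        yield off, size, func
        if func == META_EOF or size < 3:
            return
        off += size * 2

def suspicious_escapes(data):
    """Findings for META_ESCAPE/SETABORTPROC records with their declared Size."""
    findings = []
    for off, size, func in wmf_records(data):
        if func != META_ESCAPE or off + 8 > len(data):
            continue
        subtype = struct.unpack_from("<H", data, off + 6)[0]
        if subtype == SETABORTPROC:
            findings.append({"offset": off, "size_words": size,
                             "undersized": size < 3})
    return findings

def build_sample(escape_size_words):
    """Constructed, inert WMF: 18-byte header, one META_ESCAPE/SETABORTPROC
    record whose Size field is set to the given value, then META_EOF."""
    rec = struct.pack("<IHHH", escape_size_words, META_ESCAPE, SETABORTPROC, 4)
    rec += b"\x00" * 4               # dummy 4-byte escape data, not code
    eof = struct.pack("<IH", 3, META_EOF)
    body = rec + eof
    total_words = (18 + len(body)) // 2
    hdr = struct.pack("<HHHIHIH", 1, 9, 0x0300, total_words, 0, len(rec) // 2, 0)
    return hdr + body
```

Running `suspicious_escapes(build_sample(n))` for n in 1, 4 and 17 shows that the escape record is found at all three sizes the post mentions, and that only Size = 1 is reported as undersized.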
