Vulnerability Development mailing list archives
Re: Fix for MS Outlook Vulnerability - shortcut?
From: James Stevenson <mistral () stevenson zetnet co uk>
Date: Sun, 23 Jul 2000 01:57:30 GMT
Hi its not always that simple with overflows all data must not be relied on because it overwrites memory so you will not know if the data is true or that is even when the problem exists eg program does this runs getmail from server <-- this is where outlook crashes does not crash (yep) read headers (overflow) do something else try to do something with mail (oops) pointers etc.. will be in the wrong place now or something like that because they have been overwritten programs crashed display crash notice not of which may be true try making the date header even bigger see if you can get data to appear in the stack etc.. this is how to exploit buffer overflows cya James In local.vuln-dev, you wrote:
Hi, Can anyone tell me whether the inetcomm.dll probolem can be fixed simply by replacing the DLL. If so, why has Microsoft not made the files available individually, instead of as part of complete version upgrade. If the problem can be addressed by replacing the DLL, would anyone be interested in helping to compile a list of the DLLs for the various MS flavours (95, 98, NT & 2000), or is the same DLL always used? Thanks and Regards Charl =========================================================================== charl van der walt +27 83 454 4203 SensePost (Pty) Ltd =========================================================================== PS We have something of a bandwidth restriction here in the 3rd world so if the hole can be plugged without having to download MEGS of data from the USA that would be nice :)
-- --------------------------------------------- Check Out: http://www.users.zetnet.co.uk/james/ E-Mail: mistral () stevenson zetnet co uk 1:50am up 5 days, 12:11, 6 users, load average: 0.06, 0.40, 0.54
Current thread:
- Fix for MS Outlook Vulnerability - shortcut? Charl van der Walt (Jul 22)
- Re: Fix for MS Outlook Vulnerability - shortcut? James Stevenson (Jul 23)