[Full-disclosure] Skype 5.3.*.5.2.* Critical Pointer Vulnerability

2011-08-22 Thread Levent Kayan 
hello,

http://vulnerability-lab.com/get_content.php?id=180


cheers,
noptrix

-- 
Name: Levent 'noptrix' Kayan
E-Mail: nopt...@lamergarten.net
GPG key: 0x014652c0
Key fingerprint: ABEF 4B4B 5D93 32B8 D423 A623 823D 4162 0146 52C0
Homepage: http://www.noptrix.net/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Skype 5.3.*.5.2.* Critical Pointer Vulnerability

2011-08-22 Thread Mario Vilas 
Perhaps you should post the contents of the advisory here as well. Many
people won't happily click on a link without any explanations.

On Mon, Aug 22, 2011 at 9:14 PM, Levent Kayan levonka...@gmx.net wrote:

 hello,

 http://vulnerability-lab.com/get_content.php?id=180


 cheers,
 noptrix

 --
 Name: Levent 'noptrix' Kayan
 E-Mail: nopt...@lamergarten.net
 GPG key: 0x014652c0
 Key fingerprint: ABEF 4B4B 5D93 32B8 D423 A623 823D 4162 0146 52C0
 Homepage: http://www.noptrix.net/

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/




-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Skype 5.3.*.5.2.* Critical Pointer Vulnerability

2011-08-22 Thread Mario Vilas 
Oh, and BTW...

--- Violation Exception Log ---
0:034 g
(f10.ed4): Unknown exception  (first chance)
(f10.ed4): Access violation - code c005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=c07ca54b ebx=a96959bc ecx=d8f10db2 edx=155f esi=d7263481 edi=3e294540
eip=25c50116 esp=37f91000 ebp=50601616 iopl=0 nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b efl=00010202
25c50116 cd01int 1
0:000 !exchain
0018e8f8:
Skype+8be3a0 (00cbe3a0)


This doesn't look like an exploitable buffer overflow to me. I think
you just stumbled upon Skype's anti-debug measures.



On Tue, Aug 23, 2011 at 1:02 AM, Mario Vilas mvi...@gmail.com wrote:

 Perhaps you should post the contents of the advisory here as well. Many
 people won't happily click on a link without any explanations.

 On Mon, Aug 22, 2011 at 9:14 PM, Levent Kayan levonka...@gmx.net wrote:

 hello,

 http://vulnerability-lab.com/get_content.php?id=180


 cheers,
 noptrix

 --
 Name: Levent 'noptrix' Kayan
 E-Mail: nopt...@lamergarten.net
 GPG key: 0x014652c0
 Key fingerprint: ABEF 4B4B 5D93 32B8 D423 A623 823D 4162 0146 52C0
 Homepage: http://www.noptrix.net/

 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/




 --
 “There's a reason we separate military and the police: one fights the enemy
 of the state, the other serves and protects the people. When the military
 becomes both, then the enemies of the state tend to become the people.”


 ___
 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/




-- 
“There's a reason we separate military and the police: one fights the enemy
of the state, the other serves and protects the people. When the military
becomes both, then the enemies of the state tend to become the people.”
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/