It's not too surprising that this exploit doesn't work on English
Windows 2000 Pro, with or without SP2. But I can't even get it to
crash Eudora (5.1 or 5.1.1) unless I open the hacked message,
right-click on it, and feed it through the Unwrap Text plugin.
Has anyone ported this exploit to
Is there any way to turn off the Flash ActiveX control for Windows? I've
tried removing it from my system and Web sites just keep downloading it
again. If I turn off ActiveX completely, then Internet Explorer is
constantly warning me that Web pages that use Flash-based banner ads
will not be
Hi Steven.
Likewise, when is the exploit triggered on Japanese Windows 2000 Pro?
Exploit triggered when the message is received and listed in the
IN MailBox.
Please try this code.
It is an exploit code for Eudora 5.1.1 on Japanese win2k pro SP2.
If you use English win2k, pls modify the line
Correction, closing out of the app brings up an error where the memory read
is controlled at 4141414d (EIP is elsewhere), so it appears to be a different
type of crash by behavior entirely... but exploitable.
Would need to stick a debugger on it and mess around to narrow it down.
On Wed, Aug 07, 2002 at 12:24:19PM -0700, Mike Benham wrote:
First of all, https://www.thoughtcrime.org is NOT the demo site. Several
people were confused by this email, and subsequently concluded that their
browser isn't vulnerable because they got an alert that the name on the
certificate
I believe there is nothing new in that issue. WM_TIMER tricks were described by
Matt Pietrek in 1997, in Microsoft's MSJ
http://www.microsoft.com/msj/defaultframe.asp?page=/msj/0397/hood/hood0397.htmnav=/msj/0397/newnav.htm
(sample included)
So it was noted already at least 5 years before Jim Allchin.
I am aware of a Microsoft application that has made such a mistake.
http://www.atstake.com/research/advisories/2000/a090700-1.txt is an example
of one. In fact you would be surprised at the number of services vulnerable
to these types of attacks. From personal firewalls, to anti-virus and so on.
Running this on my local file fuzzer, Litchfield's begins to hit exceptions at
200 increments. (At a blank value it gives a memory error).
At 216 increments (and at least for awhile, above) it overwrites EIP with
41414141. (Windows 2000 Service Pack 2).
Testing Jelmer's as it was written
CodeCon 2.0
February 2003, San Francisco CA, USA
www.codecon.info
Call For Papers
CodeCon is the premier showcase of active hacker projects. It is an
excellent opportunity for developers to demonstrate their work, and for
coding hackers to find out about what's going on in their community.
So let me get this straight.
Allowing unprivileged processes to send control messages to privileged
processes is not a flaw in the Win32 API because there is a mechanism
for applications to protect themselves from this type of attack
(alternate Windows Stations/Desktops).
But the
On Mon, Aug 05, 2002 at 04:03:29PM -0700, Mike Benham wrote:
However, there is a slightly more complicated scenario. Sometimes it is
convenient to delegate signing authority to more localized authorities.
In this case, the administrator of www.thoughtcrime.org would get a chain
of
Here's what I did to make myself feel better.
1. Downloaded the full SP3.exe.
2. Disabled my network adapter
3. Ran the SP3 update
4. Rebooted.
5. Disabled Automatic Updates
6. Re-enabled the network adapter
However, this won't accomplish much if you use the WindowsUpdate site, as
both the
I agree, this is really, really serious. If this is correct, I believe it is
one of the most serious vulnerabilities reported in a long time. People
trust SSL to protect their money, and this is a vulnerability where you
could easily attack thousands of users or go after the banks with a simple
On Thu, Aug 08, 2002 at 01:38:46PM +0200, Balazs Scheidler wrote:
On Mon, Aug 05, 2002 at 04:03:29PM -0700, Mike Benham wrote:
However, there is a slightly more complicated scenario. Sometimes it is
convenient to delegate signing authority to more localized authorities.
In this case,
--- DownBload [EMAIL PROTECTED] wrote:
[ Illegal Instruction Security Research Labs Advisory ]
Advisory name: CSS bug in Winamp
Advisory number: 8
Application: Winamp
Vendor: Nullsoft
WEB: www.winamp.com