[Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread Gadi Evron
Hi, more information about the patch released April 1st can be found here: http://zert.isotf.org/ Including: 1. Technical information. 2. Why this patch was released when eeye already released a third party patch. The newly discovered zero-day vulnerability in the parsing of animated cursors is

[Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread Randall M
Can someone point out "What" might one see or expect if exploited by this? Message: 14 Date: Sun, 1 Apr 2007 21:19:39 -0500 (CDT) From: Gadi Evron <[EMAIL PROTECTED]> Subject: [Full-disclosure] More information on ZERT patch for ANI 0day To: bugtraq@securityfocus.com,

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread James (njan) Eaton-Lee
Gadi Evron wrote: Although eEye has released a third-party patch that will prevent the latest exploit from working, it doesn't fix the flawed copy routine. It simply requires that any cursors loaded must reside within the Windows directory (typically C:\WINDOWS\ or C:\WINNT\). This approach shou

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread James (njan) Eaton-Lee
Gadi, Gadi Evron wrote: I'm thinking that an attacker with write access to %systemroot% probably has juicier, simpler targets to attack (which potentially let them run code in a higher security context) than animated cursors. http://www.milw0rm.com/exploits/3636 I'm struggling to see what

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread James (njan) Eaton-Lee
Gadi, Gadi Evron wrote: It has relevance to what you replied to. No doubt - but unfortunately not the part of it that I was actually responding to; this isn't actually a reply to what I said, just a random vaguely topical link. - James. -- James (njan) Eaton-Lee | UIN: 10807960 | http

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread James (njan) Eaton-Lee
Gadi, Gadi Evron wrote: For a real current attack. Understandably. This is the attack which this thread is about, as indicated in the subject line of the e-mail. To recap, you used the phrase "flawed copy routine." to refer to the fact that you could carry out an attack using this particu

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread wac
Well I did my patch and I'm giving it away to be modifiable by everyone out there. I did it for version 5.1.2600.2622 of user32.dll, English version not sure if that is the last version from M$ (with the way they handle patches you know you could miss one) anyway in any case I believe there is en

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread Gadi Evron
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote: > > Gadi Evron wrote: > > Although eEye has released a third-party patch that will prevent the > > latest exploit from working, it doesn't fix the flawed copy routine. It > > simply requires that any cursors loaded must reside within the Windows >

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread Gadi Evron
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote: > Gadi, > > Gadi Evron wrote: > > >> I'm thinking that an attacker with write access to %systemroot% probably > >> has juicier, simpler targets to attack (which potentially let them run > >> code in a higher security context) than animated curso

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread Gadi Evron
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote: > Gadi, > > Gadi Evron wrote: > > > It has relevance to what you replied to. > > No doubt - but unfortunately not the part of it that I was actually > responding to; this isn't actually a reply to what I said, just a random > vaguely topical li

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-02 Thread Gadi Evron
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote: > Gadi, > > Gadi Evron wrote: > > > For a real current attack. > > Understandably. This is the attack which this thread is about, as > indicated in the subject line of the e-mail. > > To recap, you used the phrase "flawed copy routine." to refe

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread Stefan Kelm
> Hi, more information about the patch released April 1st can be found here: > > http://zert.isotf.org/ > > Including: > 1. Technical information. > 2. Why this patch was released when eeye already released a third party > patch. Has anyone actually checked what this patch does? Who are ZERT and

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread Matthew Murphy
On 4/3/07, Stefan Kelm <[EMAIL PROTECTED]> wrote: > Has anyone actually checked what this patch does? Who are ZERT and > ISOTF respectively ("About ISOTF" at http://www.isotf.org/?page_value=0 > says a lot...)? > > ...or is this an April Fool's joke? The patch is 100% real and it is effective. I'

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Hardly. Don't remember that last Zero day in 2006 do you? http://www.eweek.com/article2/0,1895,2019162,00.asp The Zert folks have coded up zero day patches before (VML and WMF anyone?) and are folks actively out in the community. While I'm not ready yet to install third party patches on system

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread neal.krawetz
a/s/l? I currently reside in Fort Collins, Colorado and I obtained my PhD from Texas A&M. - neal On Tue, 03 Apr 2007 13:52:42 -0500 "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <[EMAIL PROTECTED]> wrote: >Hardly. > >Don't remember that last Ze

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-03 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
And there's a patch for that Realtek already to go on the download site. (read the caveat section). So far all I've seen/heard is that one. This is patching 7 graphics items not just the one. ...that's 6 more things the folks that throw at me from those Metasploit modules ;-) Jason Frisvold w

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-04 Thread Jason Frisvold
On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <[EMAIL PROTECTED]> wrote: > And there's a patch for that Realtek already to go on the download > site. (read the caveat section). So far all I've seen/heard is that one. Yes, I forgot to mention the patch. > This is patching 7 graphics

Re: [Full-disclosure] More information on ZERT patch for ANI 0day

2007-04-04 Thread Jason Frisvold
On 4/3/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <[EMAIL PROTECTED]> wrote: > the community need that they are reacting to. Gadi and the crew work > hard and have my respect for their efforts. Agreed. Previous patches worked as advertised with no adverse side effects here. > If you are