[Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
- From: devcode29 at hotmail.com (dev code)
- Subject: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
- Date: Sun, 01 Apr 2007 21:21:43 +0000

Just wanted to post that using a ret2libc attack works as shown in the video here:
http://www.zippyvideos.com/5991194746836606/ani-xp-sp2/

>From: "Chris Lyon" <cslyon at gmail.com>
>To: full-disclosure at lists.grok.org.uk
>Subject: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
>Date: Sun, 1 Apr 2007 09:24:51 -0700
>
>On 4/1/07, wac <waldoalvarez00 at gmail.com> wrote:
>>
>>On 4/1/07, Larry Seltzer <Larry at larryseltzer.com> wrote:
>> >
>> > >>The issue is that this only works with DEP turned off!
>> >
>> > Interesting point. I haven't seen this mentioned anywhere, including the
>> > Microsoft advisory
>> > ( http://www.microsoft.com/technet/security/advisory/935423.mspx).
>> >
>> > Has anyone actually tested this with DEP on/off to be sure?
>>
>Did you guys see this from the CISRT?
>
>http://www.cisrt.org/enblog/read.php?68
>
>>Yes, winhex uses the function when you open the .ani and I don't have it
>>running with DEP turned on and the same goes for firefox that also leaves
>>the file opened when I opened web link dev sent me (already tested winhex
>>with the address of exitprocess that btw seems to float around from system
>>to system since the version dev sent me does not work for me and it works
>>like a charm when I built it). I was talking with dev code about DEP
>>bypassing btw, we think that is possible to exploit even with >> DEP ON <<.
>>Just ideas for now.
>>
>> > Larry Seltzer
>> > eWEEK.com Security Center Editor
>> > http://security.eweek.com/
>> > http://blog.eweek.com/blogs/larry_seltzer/
>> > Contributing Editor, PC Magazine
>> > larryseltzer at ziffdavis.com
>> >
>> > _______________________________________________
>> > Full-Disclosure - We believe in it.
>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> > Hosted and sponsored by Secunia - http://secunia.com/