|
|
BugTraq
Re: Remote overflow in MSIE script action handlers (mshtml.dll) Mar 16 2006 09:13PM Michal Zalewski (lcamtuf dione ids pl) (4 replies) Re: Remote overflow in MSIE script action handlers (mshtml.dll) Mar 17 2006 07:44AM Hariharan (harij22 gmail com) (1 replies) Re: Remote overflow in MSIE script action handlers (mshtml.dll) Mar 17 2006 07:47AM Michal Zalewski (lcamtuf dione ids pl) Re: Remote overflow in MSIE script action handlers (mshtml.dll) Mar 16 2006 10:05PM Master Phoxpherus (phoxpherus hotmail co uk) (2 replies) Re: Remote overflow in MSIE script action handlers (mshtml.dll) Mar 18 2006 11:07AM c0redump ackers org uk Re: Remote overflow in MSIE script action handlers (mshtml.dll) Mar 16 2006 10:05PM Tomasz Onyszko (t onyszko w2k pl) Re: Remote overflow in MSIE script action handlers (mshtml.dll) Mar 16 2006 09:41PM Jamie Riden (jamie riden gmail com) |
|
Privacy Statement |
> Hmm. I'm running a Windows 98 SE box and just tried what you said.
> Didn't effect me "instantly" or after a time period. You sure you're not
> just seeing shit? :P
Yes, and a number of people have confirmed this problem thus far
(including the author of the initial reply to my post). I did not test it
on Windows 98, however, and I cannot (nor want to) comment on its memory
management antics.
> Plus, keeping it real, there's a fair difference between a BoF that you
> can perform easily remotely, and a BoF you have to talk people into.
> "Hey, dude... can you just type <command> and if it don't work, hit
> refresh a few times?" ... can you see it?
Yes, I can. The instructions I provided are *not* a prerequisite to
overwrite memory. They're merely a recommendation to make the PoC reliably
crash your browser, should you want to confirm the problem independently
without much research.
I have all reasons to believe that this problem *is* exploitable without
having to talk anyone into it - having mshtml.dll render a specially
crafted webpage or a sequence of meta-refresh webpages is very much
sufficient.
/mz
[ reply ]