BugTraq
Re: Re: Re: Microsoft Internet Explorer 9.x <= Remote Stack Overflow Vulnerability Dec 21 2012 01:57PM
koppensb aon at
Hi!

I think he is talking about this blog post of the Microsoft Security and Defense team.
http://blogs.technet.com/b/srd/archive/2009/01/28/stack-overflow-stack-e
xhaustion-not-the-same-as-stack-buffer-overflow.aspx

Since your PoC code throws this:

Problem signature:
Problem Event Name: APPCRASH
Application Name: iexplore.exe
Application Version: 9.0.8112.16457
Application Timestamp: 50a2f9e3
Fault Module Name: MSHTML.dll
Fault Module Version: 9.0.8112.16457
Fault Module Timestamp: 50a30507
Exception Code: c00000fd
Exception Offset: 002bbe12
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional Information 1: 39a4
Additional Information 2: 39a4d7f18c1c7c725934453009d2f1b9
Additional Information 3: 9b65
Additional Information 4: 9b65a6e96bd128527d12d25fc3aa2ec1

ie runs in an exhaustion not in an overflow.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus