Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability
From: gynvael@xxxxxxxxxxxxx
Date: 23 Nov 2007 17:53:51 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi,

On 23 Nov 2007 07:23:05 -0000,  <emacs25@xxxxxxxxx> wrote:
> I was trying to confirm that, but under Windows XP MCE (lang: German and 
> English) with all patches, overflows on other address. Can anybody confirm 
> that?

I've tested it on VPC with Windows XP SP2 PL and I can confirm it
works as the author stated.


> I agree with JohnDo, why just don't send user a specially crafted 
> kernel32.dll :).
I don't. First, it's a .txt file, not a .dll file. Second, this file
is a part of emoticon sets. You do not expect emoticons to execute
some code do you ? ;>



> 2. Why did you wrote VERY HIGH threat? This is local buffer overflow. 
> Moreover user has to
> replace original file. This vulnerability has more to do with SE :(.
As far as I know the user does not have to overwrite any file. See
http://vexillium.org for a video of exploitation without replacing any
files. "Very High" might be a little to much, but just a little imho
;>


Best Regards ;>
--
gynvael.coldwind//vx

Prev by Date: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability
Next by Date: Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability
Previous by thread: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability
Next by thread: Re: Re: Re: Re: Gadu-Gadu Local/Remote Buffer Overflow vulnerability
Index(es):
- Date
- Thread