Dailydave mailing list archives
Re: Ah, oo, uh, ie.
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Fri, 31 Mar 2006 13:54:37 -0600
The IObjectSafety problem, as it relates to instantiable non-ActiveX COM objects, is still a major issue in IE. This allows you to crash IE with a single object creation call, such as:

    <script> a = new ActiveXObject("OutlookExpress.AddressBook"); </script>

Real complicated eh? This was reported to MSRC, along with another dozen IE DoS bugs, about a month ago.

The biggest problem with fixing COM object bugs seems to be figuring out who the actual author is. What sucks is finding a trivially exploitable COM object on your system and having no idea what application is responsible for installing it...

More browser rambling can be found on the Metasploit blog:
http://metasploit.blogspot.com/2006/03/browser-fuzzing-for-fun-and-profit.html

-HD

On Thursday 30 March 2006 16:40, Dave Aitel wrote:
I wonder if Mike's been talking to one of the DCOM designers. This sounds like something they'd think up.

DCOM Designer: "Yo, so the server can call RpcImpersonateClient(), but not if the client has called SetCloaking("Definitely Not"). But if the registry has the "Cloaking: Not such a good thing" dword set to 1 then it still can. Clear?"

ProgrammersProgrammersProgrammers: "Sure!"

Haha. That API cracks me up every time.
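
The attribution problem raised in the message above (working out which application installed a given COM object) can be approached from the registry. The following is an added example, not part of the original post: a PowerShell function, with the hypothetical name Get-ComObjectOwner, that resolves a ProgID to its CLSID and server binary, reads the vendor from the file's version resource and Authenticode signer, and reports whether the IE kill bit is set for that CLSID. It assumes a Windows host and reads only the registry view of the PowerShell process it runs in.

```powershell
# Added example (not from the original post): map a ProgID to the binary and
# vendor that registered it, and report whether IE's kill bit is set for it.
# Get-ComObjectOwner is a hypothetical name chosen for this illustration.
function Get-ComObjectOwner {
    param([Parameter(Mandatory = $true)][string]$ProgId)

    $root    = 'Registry::HKEY_CLASSES_ROOT'
    $progKey = "$root\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $progKey)) {
        Write-Warning "ProgID '$ProgId' is not registered on this system."
        return
    }
    # The default value of <ProgID>\CLSID is the class identifier.
    $clsid = (Get-Item -LiteralPath $progKey).GetValue('')

    # Locate the server binary: in-process DLL first, then out-of-process EXE.
    $server = $null
    foreach ($kind in 'InprocServer32', 'LocalServer32') {
        $key = "$root\CLSID\$clsid\$kind"
        if (Test-Path -LiteralPath $key) {
            $raw = [string](Get-Item -LiteralPath $key).GetValue('')
            # Drop quotes and any command-line arguments after the file name.
            if ($raw -match '^"?(?<path>[^"]+?\.(dll|exe|ocx))') { $server = $Matches['path'] }
            break
        }
    }

    # The version resource and the Authenticode signer identify the vendor.
    $info = $null; $signer = $null
    if ($server -and (Test-Path -LiteralPath $server)) {
        $info = (Get-Item -LiteralPath $server).VersionInfo
        $cert = (Get-AuthenticodeSignature -FilePath $server).SignerCertificate
        if ($cert) { $signer = $cert.Subject }
    }

    # Kill bit: bit 0x400 of "Compatibility Flags" blocks instantiation in IE.
    $compat = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
    $flags  = (Get-ItemProperty -LiteralPath $compat -ErrorAction SilentlyContinue).'Compatibility Flags'

    [pscustomobject]@{
        ProgId     = $ProgId
        Clsid      = $clsid
        Server     = $server
        Company    = if ($info) { $info.CompanyName } else { $null }
        Product    = if ($info) { $info.ProductName } else { $null }
        Signer     = $signer
        KillBitSet = [bool]($flags -band 0x400)
    }
}

Get-ComObjectOwner -ProgId 'OutlookExpress.AddressBook'
```

An empty Company and Signer means the binary carries no version resource or signature, in which case the Server path and its parent directory are the remaining leads.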