Full Disclosure mailing list archives
RE:Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too)
From: "meme-boi" <meme-boi () nothotmail org>
Date: Thu, 11 Sep 2003 17:33:38 -0700 (PDT)
WORKAROUND :
Disable active scripting or do "the sensible thing" and pick anotherbrowser such as the>excellent mozilla firebird.
Mozilla ... <script language="Javascript"> t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1); </script> hmmm or http://drorshalev.brinkster.net/dev/memeboi/werd.html Both serious issues mozilla has yet to fix. Or we can look at Opera and conclude that no graphical browser is safe: /usr/bin/opera: line 138: 1289 Segmentation fault "${BINARYDIR}/opera" "${@}" "${BINARYDIR}/opera" "${@}" (gdb) /opt/opera/lib/opera/plugins/operamotifwrapper: error while loading shared libraries: libXm.so.2: cannot open shared object file: No such file or directory (gdb) backtrace #0 0x21ad4397 in waitpid () from /lib/libc.so.6 #1 0x080777f6 in kill_pid () #2 0x080767a3 in wait_for () #3 0x080687c6 in execute_command_internal () #4 0x0806c0a7 in execute_command () #5 0x0805d48c in reader_loop () <---murder loop #6 0x0805b8a0 in main () #7 0x21a407a6 in __libc_start_main () from /lib/libc.so.6 <--redrum lib (gdb) info reg eax 0xfffffe00 -512 ecx 0x5da26398 1570923416 edx 0x0 0 ebx 0xffffffff -1 esp 0x5da2635c 0x5da2635c ebp 0x5da26378 0x5da26378 esi 0x0 0 edi 0xffffffff -1 eip 0x21ad4397 0x21ad4397 eflags 0x246 582 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x0 0 gs 0x0 0 fctrl 0x37f 895 fstat 0x0 0 ftag 0xffff 65535 fiseg 0x0 0 fioff 0x0 0 foseg 0x0 0 fooff 0x0 0 fop 0x0 0 mxcsr 0x0 0 orig_eax 0x72 114 (gdb) disass $eip-0x20 $eip+0x20 Dump of assembler code from 0x21ad4377 to 0x21ad43b7: 0x21ad4377 <waitpid+23>: mov $0x7,%dh 0x21ad4379 <waitpid+25>: add %cl,0x2b88b3(%ebx) 0x21ad437f <waitpid+31>: add %cl,0xf685087d(%ebx) 0x21ad4385 <waitpid+37>: jne 0x21ad43be <waitpid+94> 0x21ad4387 <waitpid+39>: mov 0xc(%ebp),%ecx 0x21ad438a <waitpid+42>: mov 0x10(%ebp),%edx 0x21ad438d <waitpid+45>: push %ebx 0x21ad438e <waitpid+46>: mov %edi,%ebx 0x21ad4390 <waitpid+48>: mov $0x72,%eax 0x21ad4395 <waitpid+53>: int $0x80 0x21ad4397 <waitpid+55>: pop %ebx 0x21ad4398 <waitpid+56>: cmp $0xfffff000,%eax 0x21ad439d <waitpid+61>: mov %eax,%esi 0x21ad439f <waitpid+63>: ja 0x21ad43ae <waitpid+78> 0x21ad43a1 <waitpid+65>: mov %esi,%eax 0x21ad43a3 <waitpid+67>: mov 0xfffffff4(%ebp),%ebx 0x21ad43a6 <waitpid+70>: mov 0xfffffff8(%ebp),%esi 0x21ad43a9 <waitpid+73>: mov 0xfffffffc(%ebp),%edi 0x21ad43ac <waitpid+76>: leave 0x21ad43ad <waitpid+77>: ret 0x21ad43ae <waitpid+78>: neg %esi 0x21ad43b0 <waitpid+80>: call 0x21a40980 <__errno_location> 0x21ad43b5 <waitpid+85>: mov %esi,(%eax) Time to revert to command line ! I speak about this on the mighty bugtraq but noone listen. not even friend 9or. Anyways. I have to go clean the floor at walmart. ninjas are bad _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE:Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too) meme-boi (Sep 11)
- Re: RE:Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too) Jeremiah Cornelius (Sep 11)
- Re: RE:Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too) jelmer (Sep 12)
- <Possible follow-ups>
- RE: Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too) Drew Copley (Sep 12)
- Re: RE: Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too) M Saqib Ilyas (Sep 26)
- Re: RE: Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too) Valdis . Kletnieks (Sep 30)
- Re: RE: Internet explorer 6 on windows XP allows exection of arbitrary code ( and opera and Mozilla too) M Saqib Ilyas (Sep 26)