Full Disclosure mailing list archives

Re: re: eeye temporary patch for current IEvulnerability

From: "list srv" <list.srv () gmail com>
Date: Tue, 28 Mar 2006 11:25:02 -0800

And you convinced yourself that the patch and the source matched,
how,
exactly? :)


XP sp1

orig
6B703AA9      66:C785 74FFF>MOV WORD PTR SS:[EBP-8C],0
6B703AB2   .  6A 00         PUSH 0
6B703AB4   .  8B4B 48       MOV ECX,DWORD PTR DS:[EBX+48]

patched
6B703AA9     /E9 76EA0600   JMP jscript.6B772524
6B703AAE   ? |FFFF          ???                                      ;
 Unknown command
6B703AB0   ? |0000          ADD BYTE PTR DS:[EAX],AL
6B703AB2   .  6A 00         PUSH 0
6B703AB4   .  8B4B 48       MOV ECX,DWORD PTR DS:[EBX+48]

orig
lots of NULLs, unused space

patched
6B772524      60            PUSHAD
6B772525      8DBC25 74FFFF>LEA EDI,DWORD PTR SS:[EBP-8C]
6B77252C      33C0          XOR EAX,EAX
6B77252E      AB            STOS DWORD PTR ES:[EDI]
6B77252F      AB            STOS DWORD PTR ES:[EDI]
6B772530      61            POPAD
6B772531    ^ E9 7A15F9FF   JMP jscript.6B703AB2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

RE: re: eeye temporary patch for current IEvulnerability Krpata, Tyler (Mar 28)
- Re: re: eeye temporary patch for current IEvulnerability Javor Ninov (Mar 28)
- Re: re: eeye temporary patch for current IEvulnerability Valdis . Kletnieks (Mar 28)
- <Possible follow-ups>
- RE: re: eeye temporary patch for current IEvulnerability 0x80 (Mar 28)
  - Re: re: eeye temporary patch for current IEvulnerability list srv (Mar 28)