Full Disclosure mailing list archives
Re: Windows .ANI LoadAniIcon Stack Overflow
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Wed, 04 Apr 2007 02:34:01 +0200
Affected Software: Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2 Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2 Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2 Windows Vista Windows Vista x64 Edition all patches are out without xp sp1 and no warning that I'm seriously at risk if i'm not urgently upgrading to sp2, no way! I'll keep my cheese =) George Ou wrote:
The patch for ANI is out from Microsoft. I'm assuming the question is if we will see this technique for Firefox exploitation posted now? -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Larry Seltzer Sent: Tuesday, April 03, 2007 2:14 PM To: Alexander Sotirov Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow LS> The Firefox docs say that it doesn't support .ani files for cursors. LS> How are you exploiting it? AS> I'll wait until the patch is out before I publish the technique. AS> As far as I know there are no public ANI exploits for Firefox yet. So now can you say how Firefox is vulnerable? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine larryseltzer () ziffdavis com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Windows .ANI LoadAniIcon Stack Overflow, (continued)
- Re: Windows .ANI LoadAniIcon Stack Overflow George Ou (Apr 02)
- Re: Windows .ANI LoadAniIcon Stack Overflow Alexander Sotirov (Apr 02)
- Re: Windows .ANI LoadAniIcon Stack Overflow George Ou (Apr 02)
- Re: Windows .ANI LoadAniIcon Stack Overflow Alexander Sotirov (Apr 02)
- Re: Windows .ANI LoadAniIcon Stack Overflow George Ou (Apr 02)
- Re: Windows .ANI LoadAniIcon Stack Overflow Larry Seltzer (Apr 02)
- Re: Windows .ANI LoadAniIcon Stack Overflow Larry Seltzer (Apr 02)
- Re: Windows .ANI LoadAniIcon Stack Overflow Alexander Sotirov (Apr 02)
- Re: Windows .ANI LoadAniIcon Stack Overflow Larry Seltzer (Apr 03)
- Re: Windows .ANI LoadAniIcon Stack Overflow George Ou (Apr 03)
- Re: Windows .ANI LoadAniIcon Stack Overflow ad () heapoverflow com (Apr 03)
- Re: Windows .ANI LoadAniIcon Stack Overflow Daniel Veditz (Apr 03)
- Re: Windows .ANI LoadAniIcon Stack Overflow Larry Seltzer (Apr 03)
- Re: Windows .ANI LoadAniIcon Stack Overflow Alexander Sotirov (Apr 03)
- Re: Windows .ANI LoadAniIcon Stack Overflow Larry Seltzer (Apr 03)
- Re: Windows .ANI LoadAniIcon Stack Overflow Alexander Sotirov (Apr 03)
- Re: Windows .ANI LoadAniIcon Stack Overflow Larry Seltzer (Apr 03)
- Re: Windows .ANI LoadAniIcon Stack Overflow Peter Ferrie (Apr 04)
- Re: Windows .ANI LoadAniIcon Stack Overflow Michal Majchrowicz (Apr 08)
- Re: Windows .ANI LoadAniIcon Stack Overflow wac (Apr 08)
- Re: Windows .ANI LoadAniIcon Stack Overflow Michal Majchrowicz (Apr 10)