Full Disclosure mailing list archives

Re: Windows .ANI LoadAniIcon Stack Overflow


From: Alexander Sotirov <asotirov () determina com>
Date: Tue, 03 Apr 2007 19:13:06 -0700

Larry Seltzer wrote:
Alex had said that he was exploiting this bug on Firefox, even though
the Firefox docs say it should be impossible. I'm just trying to
understand how his claims are possible.

There's no reason to believe the Firefox developers need to do anything.
IE, for example, is fixed when the ANI code in GDI is fixed. 

To avoid any confusion:

1) There is no vulnerability in the Firefox source code

2) Firefox uses a Windows API function which uses the vulnerable code in
USER32.DLL, so the ANI vulnerability can be exploited through Firefox

3) Installing the MS07-017 patch will protect both IE and Firefox against this
vulnerability

4) There is no vulnerability for the Firefox developers to patch. I recommend
that they limit their use of the Windows API to avoid being affected by the next
Windows vuln, but this is application hardening, not a vulnerability fix.

5) Even though the patch is already out, I'd like to avoid harming Windows
users who haven't installed it, so that's why I'm not releasing the details
about the Firefox exploit just yet.


Larry, why are you so curious about how this exploit works?


Alex
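The technical substance of the reply is that the flaw sits in the .ANI (animated cursor) parser inside USER32.DLL, so any application that hands an attacker-supplied cursor file to the Windows API is exposed until MS07-017 is installed. The following is an added example written for this page, not code from the post or its author: a small Python scanner that walks the RIFF structure of an .ANI file and flags the malformed condition a defender would look for at a mail gateway or in a file-scanning pipeline. It relies on two pieces of background I add here: the ANI header chunk ("anih") is a fixed 36-byte structure in the standard format, and the MS07-017 bug involved an anih chunk whose declared length was not validated against that fixed size. The sample files built by `build_ani` are constructed for the demonstration and are not real malware.

```python
import struct

# sizeof(ANIHEADER): nine little-endian DWORDs (cbSizeof, cFrames, cSteps,
# cx, cy, cBitCount, cPlanes, JifRate, flags). Assumption from the ANI format.
ANIH_SIZE = 36
MAX_LIST_DEPTH = 4


def iter_chunks(data, offset, end):
    """Yield (fourcc, payload_offset, declared_size) for RIFF chunks in data[offset:end].

    Chunk sizes come straight from the file and are never trusted: we only
    use them to advance, and an oversized value simply ends the walk.
    """
    while offset + 8 <= end:
        fourcc = data[offset:offset + 4]
        size = struct.unpack_from("<I", data, offset + 4)[0]
        payload = offset + 8
        yield fourcc, payload, size
        # RIFF pads chunk payloads to an even length
        offset = payload + size + (size & 1)


def scan_ani(data):
    """Return a list of findings describing malformed chunks; empty means clean."""
    findings = []
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON (animated cursor) file"]
    riff_size = struct.unpack_from("<I", data, 4)[0]
    end = min(len(data), 8 + riff_size)

    def walk(start, stop, depth):
        for fourcc, payload, size in iter_chunks(data, start, stop):
            name = fourcc.decode("latin-1")
            start_of_chunk = payload - 8
            if payload + size > stop:
                findings.append(
                    f"{name} chunk at offset {start_of_chunk} declares {size} bytes "
                    f"but only {stop - payload} remain")
            if fourcc == b"anih" and size != ANIH_SIZE:
                # the fixed-size header declared with any other length is the
                # shape of input the unpatched parser mishandled
                findings.append(
                    f"anih chunk at offset {start_of_chunk} declares {size} bytes, "
                    f"expected {ANIH_SIZE}")
            if fourcc == b"LIST" and size >= 4 and depth < MAX_LIST_DEPTH:
                # a LIST carries a 4-byte list type followed by nested chunks
                walk(payload + 4, min(stop, payload + size), depth + 1)

    walk(12, end, 0)
    return findings


def build_ani(anih_size):
    """Construct a minimal .ANI file whose anih chunk declares anih_size bytes (test data)."""
    anih = b"anih" + struct.pack("<I", anih_size) + bytes(anih_size)
    icon = b"icon" + struct.pack("<I", 0)          # empty frame, enough for structure
    list_body = b"fram" + icon
    lst = b"LIST" + struct.pack("<I", len(list_body)) + list_body
    body = b"ACON" + anih + lst
    return b"RIFF" + struct.pack("<I", len(body)) + body


def build_truncated_ani():
    """Constructed file whose anih length field points past the end of the file."""
    data = bytearray(build_ani(ANIH_SIZE))
    struct.pack_into("<I", data, 16, 500)  # overwrite the anih size field
    return bytes(data)


if __name__ == "__main__":
    for label, sample in (("well-formed", build_ani(ANIH_SIZE)),
                          ("oversized anih", build_ani(200)),
                          ("truncated", build_truncated_ani())):
        print(label, "->", scan_ani(sample) or "clean")
```

The scanner only reports; it never loads the file through the cursor API, so it is safe to run over untrusted input on a machine that has not been patched. In practice the check belongs wherever cursor files can arrive from outside (mail attachments, web content, shared drives), in line with the reply's point that the fix is the OS patch and the application-side measure is to stop feeding untrusted files to the Windows API.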

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
