Full Disclosure mailing list archives
Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows
From: reepex <reepex () gmail com>
Date: Tue, 25 Dec 2007 21:53:29 -0600
On Dec 25, 2007 5:29 PM, Elazar Broad <elazarb () earthlink net> wrote:
The AOL YGP Picture Editor Control(AIM PicEditor Control) version 9.5.1.8suffers from multiple exploitable buffer overflows in various properties. This object is marked safe for scripting. I have not tested other versions. PoC as follows:
How does a bunch of 'A's prove something is exploitable?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows Elazar Broad (Dec 25)
- Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows reepex (Dec 25)
- Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows Valdis . Kletnieks (Dec 25)
- Re: AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows reepex (Dec 25)