funsec mailing list archives

Re: exploiting MS08-021

From: "Paul Ferguson" <fergdawg () netzero net>
Date: Mon, 14 Apr 2008 21:57:43 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Larry Seltzer" <larry () larryseltzer com> wrote:

Theres exploit code out (http://www.milw0rm.com/exploits/5442) for
MS08-021
(http://www.microsoft.com/technet/security/Bulletin/MS08-021.mspx) which
describes GDI buffer overflows in the loading of EMF and WMF files.


There's more than just a PoC exploit available via milw0rm -- there
are active malicious exploits circulating in-the-wild on this since
last week.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIA9NSq1pz9mNUZTMRApUYAKCukBDsmH8KLgydDaIYm6NaqqdnswCgyOqe
JzgOm01fsLFZz3WvK2Eqy68=
=OeuJ
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

exploiting MS08-021 Larry Seltzer (Apr 14)
- Re: exploiting MS08-021 Richard M. Smith (Apr 14)
  - Re: exploiting MS08-021 Larry Seltzer (Apr 14)
    - Re: exploiting MS08-021 Eric Sites (Apr 14)
  - Re: exploiting MS08-021 Florian Weimer (Apr 15)
- <Possible follow-ups>
- Re: exploiting MS08-021 Larry Seltzer (Apr 14)
- Re: exploiting MS08-021 Paul Ferguson (Apr 14)
- Re: exploiting MS08-021 RandallMan (Apr 14)