|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Internet explorer Vulnerbility
From: Alexander Sotirov (asotirov
determina.com)
Date: Thu Jun 01 2006 - 04:45:23 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Confirmed on a fully patched Windows XP.
It's a stack overflow in inetconn.dll, but it's most likely not exploitable
because the DLL is compiled with /GS. There are no other interesting variables
to overwrite between the buffer and the return address. Overwriting the
arguments doesn't get us anywhere either.
It would be exploitable on older systems not compiled with /GS, but the code
where the vulnerability is was added in XP SP2.
Alex
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]