Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Sun Apr 01 2007 - 17:39:46 CDT
str0ke told me to test this one and no miracle, it works under vista and
the default DEP settings doesnt catch it.
> From the published poc yes vista is vulnerable , the poc doesn't
> exploit it but shows enough..
> The whole windows browser crashes when you try to open the folder of the
> malicious .ani file,
> can't even attach it to an email because thunderbird crashes when I'm
> browsing to attach the .ani,
> EIP is overwritten by some wrong datas near the shellcode, . To resume
> you don't have to open the file
> on vista, displaying it is enough, there is less user interaction
> required to exploit that bug on vista than older windows os,
> surprising... ...or not =)
> Larry Seltzer wrote:
>>>> It is completely possible to execute shellcode if we can do some DEP
>> bypass (ie. ret2libc attack, etc..)
>> In Vista this should have problems because of ASLR, right?
>> I'm beginning to think that web-based attacks with this in Vista aren't
>> really so scary. Even if you can get them to execute what can you really
>> do in IE protected mode? You need to get the user to run the ANI outside
>> of IE. Can anyone say what actually happens if you read an e-mail in the
>> Vista Mail program with an attack ANI embedded?
>> Larry Seltzer
>> eWEEK.com Security Center Editor
>> Contributing Editor, PC Magazine
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/