Re: MSIE buffer overrun

  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: MSIE buffer overrun
  • From: Russ <Russ.CooperRC.ON.CA>
  • Date: Fri, 20 Mar 1998 17:27:08 -0500
  • Reply-To: Russ <Russ.CooperRC.ON.CA>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

BTW, someone reminded me that this looked very similar to the "MK
Overrun" exploit Dildog, from The l0pht, described in their advisory
from 1/14/98.

I set the MKEnabled registry entry to "No", and the exploit still works.
Of course I'm testing on IE 4.01 (4.72.2106.8).

Just an FYI in case you thought it was just a repeat of the same old
bug. It may well be a minor variation, but it's not the same bug.

Also, my CPU 100% for 25 minutes experience was just a false report, it
was just how that machine was at the time I tested it (tisk tisk, bad
me!!) YMMV...;-] I've had reports that NT crashes and recovers just as
quickly as my Win98 experience, and as cleanly as well. This, of course,
with no exploit code at the end of the URL, just crashing code...;-[

Cheers,
Russ Cooper
R.C. Consulting, Inc. - NT/Internet Security
http://www.ntbugtraq.com