Bugtraq: Re: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS

From: "Manu Benoît" <tseeker () nocternity net>
Date: Tue, 7 Jun 2005 20:47:56 +0200

.text:12081BDB mov ebx, [esp+arg_C]
.text:12081BDF test ebx, ebx
.text:12081BE1 jbe short loc_12081C1A
.text:12081C13 dec ebx
.text:12081C14 mov ecx, esi
.text:12081C16 jnz short loc_12081BED
.text:12081C18 pop edi
.text:12081C19 pop esi


Unless I'm mistaken, the second line sets the Zero Flag if ebx (the argument) 
is null then jumps after the end of the loop if the flag is set.

Which means that the count gets checked before entering the loop, and there 
shouldn't be any problem.


-- 
TSeeker <tseeker () nocternity net>

By Date By Thread

Current thread:

AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS Tom Ferris (Jun 07)
- Re: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS Manu Benoît (Jun 07)