Bugtraq: Re: Internet explorer Vulnerbility

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Internet explorer Vulnerbility

From: Alexander Sotirov <asotirov () determina com>
Date: Thu, 01 Jun 2006 02:45:23 -0700

Confirmed on a fully patched Windows XP.

It's a stack overflow in inetconn.dll, but it's most likely not exploitable
because the DLL is compiled with /GS. There are no other interesting variables
to overwrite between the buffer and the return address. Overwriting the
arguments doesn't get us anywhere either.

It would be exploitable on older systems not compiled with /GS, but the code
where the vulnerability is was added in XP SP2.

Alex

By Date By Thread

Current thread:

Re: Internet explorer Vulnerbility Alexander Sotirov (Jun 01)
- <Possible follow-ups>
- RE: Internet explorer Vulnerbility Peter Kruse (Jun 01)
- Re: Internet explorer Vulnerbility Hariharan (Jun 04)
- Internet Explorer vulnerbility Mr . Niega (Jun 08)
  - Re: Internet Explorer vulnerbility Andrei Ponomarev (Jun 12)
  - Re: Internet Explorer vulnerbility Michael N. Telnov (Jun 12)