Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Mozilla Security Advisory 2004-07-08
From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Fri, 9 Jul 2004 09:51:28 -0500

That's what I have been trying to entire time. But for some reason you can't
pass parameters to the file correctly.
Ex- The behavior of  code red passing commands to cmd.exe.

But it doesn't seem to like that. However the exploit released on FD
mentioned visiting a shared folder.

What I was thinking was that this exploit would have to be multi layered and
have the ability to pass params. to the exe.

So far I don't see that happening.

My question:

What about the problem with IE still? They haven't attempted to correct the
issue or make ANY public announcements. I know they have enough holes but

I think this problem showcases the great response by the Mozilla team to
correct issues and hopefully will help with the move AWAY from IE and M$.


-----Original Message-----
From: Gary Flynn [mailto:flynngn () jmu edu]
Sent: Friday, July 09, 2004 8:28 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Mozilla Security Advisory 2004-07-08

Berend-Jan Wever wrote:
The advisory mentions that combining this with a BoF can result in remote
code execution, but they totally forget to mention that formatstring
exploits, integeroverflows, XSS, SQL injection, etc... might cause the same
problems too. I bet they just read FD and didn't think for themselves. As
far as I can see, this bug allows an attacker to remotely abuse any
vulnerability a local program might be subject to, thus making any local
exploit a possible remote exploit.

It would seem that one would have to be able to pass
parameters to the file being called for these types of
attacks to be possible.

Gary Flynn
Security Engineer
James Madison University

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]