Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!))
From: "Menashe Eliezer" <menashe () finjan com>
Date: Mon, 8 Nov 2004 00:21:43 +0200

The published exploit is working also with the <EMBED> tag, and not just
with the <IFRAME> and  the <FRAME> tags.
Finjan's advisory can be found at:
http://www.finjan.com/SecurityLab/AttackandExploitReports/alert_show.asp
?attack_release_id=114

==
Regards,
Menashe Eliezer
Senior application security architect
Malicious Code Research Center
Finjan Software
http://www.finjan.com/mcrc
 
Prevention is the best cure!
 


-----Original Message-----
From: morning_wood [mailto:se_cur_ity () hotmail com] 
Sent: Tuesday, November 02, 2004 3:44 PM
To: Berend-Jan Wever; full-disclosure () lists netsys com;
bugtraq () securityfocus com
Subject: Re: [Full-disclosure] MSIE <IFRAME> and <FRAME> tag NAME
property bufferoverflow PoC exploit (was: python does mangleme (with IE
bugs!))

bindshell success ( html run from local ) connect from remote success...
this is NASTY
if shellcode modified this will do reverse or exe drop i assume....

good work,

Donnie Werner


-----------------------------------------------
This message was scanned for malicious content and viruses by Finjan Internet Vital Security 1Box(tm)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]