mailing list archives
RE: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!))
From: "Menashe Eliezer" <menashe () finjan com>
Date: Mon, 8 Nov 2004 00:21:43 +0200
The published exploit is working also with the <EMBED> tag, and not just
with the <IFRAME> and the <FRAME> tags.
Finjan's advisory can be found at:
Senior application security architect
Malicious Code Research Center
Prevention is the best cure!
From: morning_wood [mailto:se_cur_ity () hotmail com]
Sent: Tuesday, November 02, 2004 3:44 PM
To: Berend-Jan Wever; full-disclosure () lists netsys com;
bugtraq () securityfocus com
Subject: Re: [Full-disclosure] MSIE <IFRAME> and <FRAME> tag NAME
property bufferoverflow PoC exploit (was: python does mangleme (with IE
bindshell success ( html run from local ) connect from remote success...
this is NASTY
if shellcode modified this will do reverse or exe drop i assume....
This message was scanned for malicious content and viruses by Finjan Internet Vital Security 1Box(tm)
Full-Disclosure - We believe in it.