mailing list archives
Re: selling ms office bug
From: <0x80 () hush ai>
Date: Thu, 20 Apr 2006 23:44:32 -0700
Not really because I am pretty sure that he is talking about either
an unpatched PPT overflow (malformed powerpoint file) or perhaps
even an older one that was found and never reported to MS in Visio.
I do understand that its easy to trick users into clicking on
something to be owned and yes you can embed any office document in
html and have it auto-execute but these types of vulnerabilities
are as common as lame XSS vulns or rambling n3td3v posts.
Have you ever ran tests on IE? I can crash IE in thousands of ways
with malformed content. Some might be exploitable, most are null
pointers. But the point is... these issues will probably always
exists and there is no real defense against tricking a user into
By the way, I am typing this email after spending the day at the
beach in 35 celsius weather getting a sunburn so if they want to
join me they can. heh
On Thu, 20 Apr 2006 23:25:41 -0700 Valdis.Kletnieks () vt edu wrote:
On Thu, 20 Apr 2006 22:05:23 PDT, 0x80 () hush ai said:
You open a file and shellcode runs?
Wow... hey guys I have a executable to sell.. all you need to do
get the user to open it and the code runs compromising the
You're just jealous because he's probably going to make enough
pay for a nice trip to the tropical beach of his choice, *and* be
to brag about how he pwn'ed a whole mess of white hat's boxes and
away with it.. ;)
Concerned about your privacy? Instantly send FREE secure email, no account required
Get the best prices on SSL certificates from Hushmail
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/