Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: MS06-0[0]6 Windows Media Player Exploitation [CODE]
From: H D Moore <fdlist () digitaloffense net>
Date: Fri, 17 Feb 2006 08:32:21 -0600

Works well against Firefox 1.5.0.1 on the following systems:
- Windows XP SP2
- Windows 2003 SP0
- Windows 2000 SP4

However, it does not work with Opera 8.5 on any platform. Should just be a 
matter of changing return addresses based on the user-agent though...

-HD

On Friday 17 February 2006 02:05, Matthew Murphy wrote:
The heap spray technique works very effectively -- you end up with a
*sizable* pad in the 0x04a00000 region which you can use as a direct
jump point for the payload, without any of the fancy frame manipulation
tricks that I am too tired to try at this hour of the night/morning.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault