mailing list archives
Re: MS06-06 Windows Media Player Exploitation [CODE]
From: H D Moore <fdlist () digitaloffense net>
Date: Fri, 17 Feb 2006 08:32:21 -0600
Works well against Firefox 184.108.40.206 on the following systems:
- Windows XP SP2
- Windows 2003 SP0
- Windows 2000 SP4
However, it does not work with Opera 8.5 on any platform. Should just be a
matter of changing return addresses based on the user-agent though...
On Friday 17 February 2006 02:05, Matthew Murphy wrote:
The heap spray technique works very effectively -- you end up with a
*sizable* pad in the 0x04a00000 region which you can use as a direct
jump point for the payload, without any of the fancy frame manipulation
tricks that I am too tired to try at this hour of the night/morning.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/