Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected]
From: Stan Bubrouski <stan.bubrouski () gmail com>
Date: Mon, 2 Jan 2006 12:37:52 -0500

Well if you look at the fact there is no title on titlebar and the
fact the active tab is Untitled, I'd hazard to guess its something he
manually entered into the address bar, and so we don't even know if
this is exploitable by clicking a link or whatnot.

Not exactly sure why this was posted if no details are provided. 
Anything else for us Sumit?

-sb

On 1/2/06, Lise Moorveld <lise_moorveld () yahoo com> wrote:
Dear Sumit,

Could you tell me how you exploited this buffer
overflow issue in Firefox so I can try and reproduce
it? I notice a lot of A's in your address bar but I'm
not sure whether that's it and if so, how many A's are
used.

Regards,

Lise

--- Sumit Siddharth <sumit.siddharth () gmail com> wrote:

Hi,
The Windows display manager crashes when a BOF is
attempted on a mozilla
firefox.
This has different results on different windows
machine.
In Windows XP only the display manager crashes ,
whereas on a Windows 2000
server the BSOD(Blue screen of death )appears and
the system hangs.
I am using Firefox 1.0.6. I think that the bug is in
the display driver and
not with firefox. Kindly find a screen shot attached
with this email.

Thanks
Sumit


--

Sumit Siddharth
Information Security Analyst
NII Consulting
Web: www.nii.co.in
------------------------------------
NII Security Advisories
http://www.nii.co.in/resources/advisories.html
------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
http://secunia.com/




__________________________________________
Yahoo! DSL – Something to write home about.
Just $16.99/mo. or less.
dsl.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault