Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability
From: Jason Starks <jstarks440 () gmail com>
Date: Thu, 26 Feb 2009 22:33:18 -0500

Better yet, name two.

On Thu, Feb 26, 2009 at 9:22 PM, Jubei Trippataka
<vpn.1.fanatic () gmail com>wrote:



On Fri, Feb 27, 2009 at 12:26 PM, <neeko () feelingsinister net> wrote:

BM_X-Force_WP_final.pdf is called "Application-Specific Attacks:
Leveraging the ActionScript Virtual Machine" and if you haven't read it,
you should. It'll make you smile.



OK, and what about this vulnerability makes use of a NULL pointer? This
goes to show the shallow exploitation knowledge of this community. If you
actually understood the paper it's (NULL + offset). This is NOT the same as
a plain NULL deref bug. Also, you need to be able to map the NULL address,
so I ask again, in examples such as this, in users-space apps name one
exploitable condition.


--
ciao

JT

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]