<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS

Re: AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS

From: Manu Benoīt <tseeker_at_nocternity.net>
Date: Tue, 7 Jun 2005 20:47:56 +0200

> .text:12081BDB mov ebx, [esp+arg_C]
> .text:12081BDF test ebx, ebx
> .text:12081BE1 jbe short loc_12081C1A
> .text:12081C13 dec ebx
> .text:12081C14 mov ecx, esi
> .text:12081C16 jnz short loc_12081BED
> .text:12081C18 pop edi
> .text:12081C19 pop esi

Unless I'm mistaken, the second line sets the Zero Flag if ebx (the argument)
is null then jumps after the end of the loop if the flag is set.

Which means that the count gets checked before entering the loop, and there
shouldn't be any problem.

-- 
TSeeker <tseeker_at_nocternity.net>

Received on Jun 07 2005

This message: [ Message body ]
Next message: Steven M. Christey: "Second-Order Symlink Vulnerabilities"
Previous message: Ryan T. Dean: "Contact Request - Comcast"
In reply to: Tom Ferris: "AOL AIM Instant Messenger Buddy Icon "ateimg32.dll" DoS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]