Vulnerability Development: RE: old netscape vuln - affecting XP/explorer?

RE: old netscape vuln - affecting XP/explorer?

From: Ian Webb <webbi_at_sapc.edu>
Date: Sat, 7 Sep 2002 08:21:16 -0400

I can't reproduce on XP Pro, all current hotfixes. I *do* have MS02-050
patched, so maybe that's the difference. I don't see how it possibly
could be, though. (I don't have the MS02-049 patch installed, as I don't
have Visual Foxpro on this system.) The only other difference I can
think of is that I have the WMP 9 beta installed.

Anyone else been able to reproduce this?

-----Original Message-----
From: cassidy macfarlane [mailto:cmac23_at_barrysworld.com]
Sent: Friday, September 06, 2002 7:57 AM
To: vuln-dev_at_securityfocus.com
Subject: old netscape vuln - affecting XP/explorer?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi
I posted this to bugtraq, but was advised to post here..

I d/loaded the old 'crash-netscape.jpg' from secfocus (id 1503,
http://online.securityfocus.com/data/vulnerabilities/exploits/crash-netscape.jpg )
Sorry if it wraps

intending to have a play with Mozilla ;). I stuck it into my cygwin
dir on my local HD.

When I browse to this folder using explorer (***Tiles view***),
I get an explorer restart. (all open explorer windows close, but apps
persist)

/snip
Faulting application explorer.exe, version 6.0.2600.0, faulting
module ntdll.dll, version 5.1.2600.0, fault address 0x00003812.

0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 36 e 6.0.26
0028: 30 30 2e 30 20 69 6e 20 00.0 in
0030: 6e 74 64 6c 6c 2e 64 6c ntdll.dl
0038: 6c 20 35 2e 31 2e 32 36 l 5.1.26
0040: 30 30 2e 30 20 61 74 20 00.0 at
0048: 6f 66 66 73 65 74 20 30 offset 0
0050: 30 30 30 33 38 31 32 0d 0003812.
0058: 0a .

/end snip

I'm running XP Pro, all hotfixes (apart from today's....MS02-049 and
MS02-050...yawn)

Does anyone else get the same?
Is this exploitable? - I get the same address (0x0003812) every
time...is this adjustable with the header/etc in the dodgy .jpg?

TIA, and apologies if this is known or a misconfiguration.

Cassidy Macfarlane
Group IT
www.tenongroup.com

PGP fingerprint: 31A2 1A52 6CB9 E91C 27D8 9C5C FC40 4FD7 5E96 E1A4

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPXiXUvxAT9deluGkEQIuewCgzZPslfiGX/EbwH3SEPXw2k5MHxsAoIMv
WyrI7Lv3qUtHxGtfbboxOkJB
=sXVg
-----END PGP SIGNATURE-----
Received on Sep 07 2002
