Full Disclosure mailing list archives
Re: MS05-036
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Thu, 14 Jul 2005 19:14:19 +0100
----Original Message----
From: David Chastain Message-Id: 7381300.1121354089894.JavaMail.dlcmacosx () mac com
Has anyone seen or does anyone know of an exploit in HTML code that would target the MCMM vulnerability?
Nope. I haven't tried any experimentation yet, but my first guess would
be that the overflow is in one of the functions that have to deal with
strings, so maybe it would be worth trying to get very long colour names
passed down from html code until the browser ends up calling
CMConvertColorNameToIndex on them.
Or perhaps we want to try and overflow CMGetNamedProfileInfo?
cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MS05-036 David Chastain (Jul 14)
- Re: MS05-036 Dave Korn (Jul 14)
