[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] BMP WMPlayer vulnerability

To: "Full-disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] BMP WMPlayer vulnerability
From: "Karma" <karma@xxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Feb 2006 14:44:11 +1100

Anyone determined the offset where the heap alloc routine is located ? I diffed 
the two wmp.dll's and they are significantly changed, I think the code is very 
much optimised in this release, many routines are changed. I have been tracing 
the mallocs and GlobalAllocs without any luck. Hoping someone is having better 
luck than I.

Basically, it would be great to know if 0 is the only size that causes the 
error and how the error is handled. 

Where is the size field located in the BMP metadata ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] BMP WMPlayer vulnerability
  - From: Knud Erik Højgaard

Prev by Date: [Full-disclosure] Winamp .m3u fun again ;)
Next by Date: Re[2]: [Full-disclosure] Internet Explorer drag&drop 0day
Previous by thread: [Full-disclosure] Winamp .m3u fun again ;)
Next by thread: Re: [Full-disclosure] BMP WMPlayer vulnerability
Index(es):
- Date
- Thread