[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] MS06-0[0]6 Windows Media Player Exploitation [CODE]

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] MS06-0[0]6 Windows Media Player Exploitation [CODE]
From: H D Moore <fdlist@xxxxxxxxxxxxxxxxxx>
Date: Fri, 17 Feb 2006 08:32:21 -0600

Works well against Firefox 1.5.0.1 on the following systems:
- Windows XP SP2
- Windows 2003 SP0
- Windows 2000 SP4

However, it does not work with Opera 8.5 on any platform. Should just be a 
matter of changing return addresses based on the user-agent though...

-HD

On Friday 17 February 2006 02:05, Matthew Murphy wrote:
> The heap spray technique works very effectively -- you end up with a
> *sizable* pad in the 0x04a00000 region which you can use as a direct
> jump point for the payload, without any of the fancy frame manipulation
> tricks that I am too tired to try at this hour of the night/morning.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] MS06-06 Windows Media Player Exploitation
  - From: c0ntex
- Re: [Full-disclosure] MS06-06 Windows Media Player Exploitation
  - From: H D Moore
- Re: [Full-disclosure] MS06-0[0]6 Windows Media Player Exploitation [CODE]
  - From: Matthew Murphy

Prev by Date: Re: [Full-disclosure] MS06-0[0]6 Windows Media Player Exploitation [CODE]
Next by Date: Re: [Full-disclosure] Orwell's country wants Big Brother backdoor inVista cipher!
Previous by thread: Re: [Full-disclosure] MS06-0[0]6 Windows Media Player Exploitation [CODE]
Next by thread: Re: [Full-disclosure] MS06-06 Windows Media Player Exploitation
Index(es):
- Date
- Thread