[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] re: eeye temporary patch for current IEvulnerability

To: valdis.kletnieks@xxxxxx
Subject: Re: [Full-disclosure] re: eeye temporary patch for current IEvulnerability
From: "list srv" <list.srv@xxxxxxxxx>
Date: Tue, 28 Mar 2006 11:25:02 -0800

> >And you convinced yourself that the patch and the source matched,
> >how,
> >exactly? :)
>

XP sp1

orig
6B703AA9      66:C785 74FFF>MOV WORD PTR SS:[EBP-8C],0
6B703AB2   .  6A 00         PUSH 0
6B703AB4   .  8B4B 48       MOV ECX,DWORD PTR DS:[EBX+48]

patched
6B703AA9     /E9 76EA0600   JMP jscript.6B772524
6B703AAE   ? |FFFF          ???                                      ;
 Unknown command
6B703AB0   ? |0000          ADD BYTE PTR DS:[EAX],AL
6B703AB2   .  6A 00         PUSH 0
6B703AB4   .  8B4B 48       MOV ECX,DWORD PTR DS:[EBX+48]

orig
lots of NULLs, unused space

patched
6B772524      60            PUSHAD
6B772525      8DBC25 74FFFF>LEA EDI,DWORD PTR SS:[EBP-8C]
6B77252C      33C0          XOR EAX,EAX
6B77252E      AB            STOS DWORD PTR ES:[EDI]
6B77252F      AB            STOS DWORD PTR ES:[EDI]
6B772530      61            POPAD
6B772531    ^ E9 7A15F9FF   JMP jscript.6B703AB2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- RE: [Full-disclosure] re: eeye temporary patch for current IEvulnerability
  - From: 0x80

Prev by Date: [Full-disclosure] Re: guidelines for good password policy andmaintenance / user centric identity with single passwords (or asmall number at most over time)
Next by Date: Re: [Full-disclosure] Industry calls on Microsoft to scrap PatchTuesday for Critical flaws
Previous by thread: RE: [Full-disclosure] re: eeye temporary patch for current IEvulnerability
Next by thread: RE: [Full-disclosure] re: eeye temporary patch for current IEvulnerability
Index(es):
- Date
- Thread