Re: [Full-Disclosure] GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution
Date: Sun Feb 15 2004 - 14:35:42 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
|> .. Rrrrriiiiggghhhttt. Way to go, using a signed integer for an
|> offset. Now all we have to do is create a BMP with bfOffBits > 2^31,
|
| I would caution everyone against assuming that this code has not
| been altered since it left the confines of Redmond. If I were
| to steal Microsoft code and release it to the Internet, I'd be
| tempted to make a few strategic modifications first, just to
| stir things up. Especially if I were, shall we say, not exactly
| a Microsoft fan...
Interesting point, but keep in mind the original author also included a
POC which (reportedly, unconfirmed) affected IE5. That'd suggest it is
indeed Redmond code.
C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
iD8DBQFAL8oOR2vQ2HfQHfsRAlq2AJ4pP2TxCp2Ac0uIMxou3uuZVZbMjwCfWQWA
PsPhhr546k91p0ssj/ps0cg=
=k6nN
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Sun Feb 15 15:26:14 2004
This archive was generated by hypermail 2.1.8 : Sun Feb 15 2004 - 16:03:00 EST
