Mozilla/Firefox & Adobe, "embedded" problems

Written by Rubén

Thursday, 02 February 2006

There is a "mutual incompatibility" between the Adobe PDF reader plugin and the Mozilla/Firefox browsers.
Embedding two or more PDF documents with the HTML <embed> tag triggers the flaw: the stack is exhausted and the process crashes.
The flaw seems to be a recursive state produced by nppdf32.dll, the Adobe PDF reader plugin module.

Last Updated ( Sunday, 07 May 2006 )

Written by Rubén

Monday, 30 January 2006

It seems that somebody has released a 0Day exploit for the widespread multimedia player, WinAmp.
I found the vulnerability more or less one month ago, as the iDefense advisory shows.
Update
The Winamp team don't care about the security of their customers.
<Opinion>
Common sense tells me: "Watch out! Do not disclose this vulnerability before a patch; if not, it will let that adware-spyware-spam-scam mafia make even more money. They are earning a lot of money just deceiving people."
It is also known as savage capitalism.
There are circumstances where a 0Day exploit has meaning; at the present day, if somebody releases a 0Day exploit for software like Winamp, it will only benefit all that scum. What happened with WMF?
I guess that some researchers should reflect at great length before disclosing any unpatched vulnerability.
Perhaps you will not get your 5 minutes of "fame", but we should act beyond our ego.
</opinion>
Technical details
The flaw is located in in_mp3.dll, which handles m3u and pls playlist files, so both formats are vulnerable, not only pls as I have been reading in articles.
This DLL reserves a fixed amount, about 0x400 bytes, to save certain information. Once again, a typical stack overflow. Nothing new or exciting.

Last Updated ( Saturday, 22 April 2006 )

Written by Rubén

Sunday, 22 January 2006

How in the world could the Microsoft engineers feel like developing dangerous file formats? I mean code and data mixed. I do not know, but they did it.
The most widespread "vulnerability" ever known, the WMF issue, was directly caused by one of these "funny" file formats. But WMF is not alone...
The WinHelp file format, aka .hlp, is another example of an old and extremely dangerous mixed format. The WinHelp format was born with Windows 3.1 and is still supported at the present day by Windows 2000, Windows XP ... In addition, it is actively used by Microsoft and third-party software to deliver help documentation.
The WinHelp file format is the closest thing to an executable file without being one. Several viruses even infect this format, thanks to its powerful scripting language.
One of the documented macros supported by this format is "RegisterRoutine". Using this macro we can register any function of any DLL:
[CONFIG]
RegisterRoutine("Kernel32.dll", "Beep", "UU")
Then the function can be used like any other defined macro within the WinHelp project:
{\uldb Do Beep}{\v !Beep(750, 5000)}
Microsoft released a security update addressing the issue. Before it, .hlp files could be loaded by Internet Explorer using hhctrl.ocx (winhelp command), so any code could have been executed. Now it is different: remote execution is not possible, although the macro support is still active locally.
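An added example, not code from the original post: a small Python audit for help project sources that lists the DLL functions registered through RegisterRoutine in the [CONFIG] section and the RTF macro hotspots that call them. The sample project text, the function names, and the handling of the RR short form and of `...' quoting are assumptions of this example.

```python
import re

# Constructed sample inputs, modelled on the two snippets shown above:
# an .hpj project file and a fragment of RTF topic source.
SAMPLE_HPJ = """\
[OPTIONS]
TITLE=Demo help
[CONFIG]
; RegisterRoutine("other.dll", "Ignored", "") -- comment line, skipped
RegisterRoutine("Kernel32.dll", "Beep", "UU")
BrowseButtons()
[FILES]
demo.rtf
"""
SAMPLE_RTF = r"{\uldb Do Beep}{\v !Beep(750, 5000)} {\uldb Next}{\v !Next()}"

Q = "[\"`']"                      # WinHelp accepts "..." and `...' quoting
ARG = Q + "([^\"`']*)" + Q
# RegisterRoutine(dll, function, parameter format); RR is its short form.
REGISTER_RE = re.compile(r"\b(?:RegisterRoutine|RR)\s*\(\s*" + ARG +
                         r"\s*,\s*" + ARG + r"\s*,\s*" + ARG + r"\s*\)", re.I)
# Macro hotspot in RTF: hidden text (\v) whose content starts with "!".
HOTSPOT_RE = re.compile(r"\{\\v\s*!([^}]*)\}")
CALL_RE = re.compile(r"([A-Za-z_]\w*)\s*\(([^)]*)\)")

def registered_routines(hpj_text):
    """Return [(dll, function, param_format)] found in the [CONFIG] section."""
    found, section = [], None
    for raw in hpj_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                          # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].upper()      # entering a new section
        elif section == "CONFIG":
            found.extend(m.groups() for m in REGISTER_RE.finditer(line))
    return found

def external_calls(rtf_text, routines):
    """Return [(dll, function, args)] for hotspots calling a registered routine."""
    dll_of = {func.lower(): dll for dll, func, _ in routines}
    hits = []
    for hotspot in HOTSPOT_RE.finditer(rtf_text):
        for call in CALL_RE.finditer(hotspot.group(1)):
            dll = dll_of.get(call.group(1).lower())
            if dll:                           # built-in macros are not reported
                hits.append((dll, call.group(1), call.group(2).strip()))
    return hits

if __name__ == "__main__":
    for dll, func, args in external_calls(SAMPLE_RTF, registered_routines(SAMPLE_HPJ)):
        print(f"hotspot calls {dll}!{func}({args})")
```

This works on project sources (.hpj and .rtf); a compiled .hlp file would have to be decompiled first.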
There are few fully trusted formats and hlp is not one of them, so I think that it would not be used to deliver documentation.
HLP STOP!
Last Updated ( Tuesday, 09 May 2006 )