[vox] Why not Windows: cursor vulns
Karsten M. Self
kmself at ix.netcom.com
Wed Mar 30 14:25:09 PST 2005
From the Incidents list at SecurityFocus:
http://www.mnin.org/forums/viewtopic.php?t=112
Tri-Mode Browser Exploits - MHTML, ANI, and Java VM Sandbox
PostPosted: Wed Mar 02, 2005 8:32 pm
In summary, the user followed a search engine's pointer and ended up
at xxxcenter.org. Her browser was forced into a situation where it
would be downloading code from another site no matter what she did.
This code used a multi-attack mechanism including a buffer overflow
in Microsoft's ANI file format, a parsing and privilege escalation
vulnerability in the MHTML protocol hander, and weaknesses in Java's
VM component.
The rest of the post shows detail of how the exploit functions.
More here:
http://www.securityfocus.com/archive/75/394573/2005-03-27/2005-04-02/0
Peace.
--
Karsten M. Self <kmself at ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Deep inside the secret headquarters of the RedHat / GNOME / Ximian
/ Mozilla Cabal, there's a hidden document with a list of everything
in Unix you know and love, marked with a date for its final
expurgation. I think 'ls' is slated to be finally replaced with a
symlink to 'nautilus' in 2007.
- Dan Egnor.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://ns1.livepenguin.com/pipermail/vox/attachments/20050330/66a2b77c/attachment.bin
More information about the vox
mailing list