Better yet, name two. On Thu, Feb 26, 2009 at 9:22 PM, Jubei Trippataka <[email protected]>wrote:
> > > On Fri, Feb 27, 2009 at 12:26 PM, <[email protected]> wrote: > >> BM_X-Force_WP_final.pdf is called "Application-Specific Attacks: >> Leveraging the ActionScript Virtual Machine" and if you haven't read it, >> you should. It'll make you smile. >> >> >> > OK, and what about this vulnerability makes use of a NULL pointer? This > goes to show the shallow exploitation knowledge of this community. If you > actually understood the paper it's (NULL + offset). This is NOT the same as > a plain NULL deref bug. Also, you need to be able to map the NULL address, > so I ask again, in examples such as this, in users-space apps name one > exploitable condition. > > > -- > ciao > > JT > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
