Oh, I forgot to mention: that security organization's report mainly analyzed the WMF portion of the MS08-052 patch, and from that concluded the bug is hard to exploit. Still, there are plenty of examples of "useless" bugs, declared unexploitable, that were successfully exploited in the end.
On September 17, 11:12 AM, Cmdhz <[EMAIL PROTECTED]> wrote:
> I recently had a look at the MS08-052 vulnerability. Qihoo gave it the sensational headline "Qihoo 360 claims to have found the biggest security hole in Microsoft's history".
>
> But a security organization's research claims this vulnerability cannot be exploited:
>
> The integer overflow can be triggered via a WMF file containing a specially crafted PolyPolygon record that specifies an overly large number of points. Attacker-controlled data will be written past the end of an under-sized heap buffer, ultimately triggering an access violation that will be handled by an exception handler.
>
> The data written beyond the end of the allocated buffer is influenced by the attacker, but only the lower 16-bits of each 32-bit word can be controlled and the upper bits will be either all zeroes or all ones. As the attacker cannot specify a usable address, it appears unlikely that code execution would be possible, however, it cannot be completely ruled out.
>
> It is said to be unexploitable, but there are actually quite a few examples of such bugs eventually being exploited successfully. Who knows whether this will turn out to be another slap in the face?
>
> So I am specifically asking everyone to discuss whether it can be exploited.

