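Hmm, send over a sample and let's take a look.
On Sep 17, 4:55 pm, netcicala <[EMAIL PROTECTED]> wrote:
> It seems I have already been hit by a virus mail that uses this vulnerability. I didn't think much of it at the time.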
>
> --
>
> =====END=====
>
> On 2008-09-17, "大风" <[EMAIL PROTECTED]> wrote:
>
>
>
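> >It should be very hard to exploit, or it would need to be combined with certain environments.
>
> >However, 08-052 is a collection of many vulnerabilities; I don't know whether any of them can be exploited.
>
> >But wild exploits known only from the grapevine are usually fake, or have certain limiting conditions, or are unstable.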
>
> >[Ph4nt0m]
> >[Ph4nt0m Security Team]
> > [EMAIL PROTECTED]
> > Email: [EMAIL PROTECTED]
> > PingMe:
> > === Ultimate Hacking ===
> > === XPLOITZ ! ===
> > === #_# ===
> >#If you brave,there is nothing you cannot achieve.#
>
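> >-----Original Message-----
> >From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Cmdhz
> >Sent: September 17, 2008 11:12
> >To: Ph4nt0m
> >Subject: [Ph4nt0m] A question about the ms08-052 vulnerability!
>
> >I recently looked at the ms08-052 vulnerability. Qihoo gave it a sensational headline: "Qihoo 360 says it has discovered the biggest security vulnerability in Microsoft's history".
>
> >But a security organization that researched it claims this vulnerability cannot be exploited: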
>
> >The integer overflow can be triggered via a WMF file containing a specially crafted PolyPolygon record that specifies an overly large number of points. Attacker-controlled data will be written past the end of an under-sized heap buffer, ultimately triggering an access violation that will be handled by an exception handler.
>
> >The data written beyond the end of the allocated buffer is influenced by the attacker, but only the lower 16-bits of each 32-bit word can be controlled and the upper bits will be either all zeroes or all ones. As the attacker cannot specify a usable address, it appears unlikely that code execution would be possible, however, it cannot be completely ruled out.
>
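> >There are actually quite a few cases that were claimed to be unexploitable and were successfully exploited in the end; I wonder whether this will be yet another slap in the face?
>
> >So I am specifically asking everyone to discuss whether it can be exploited.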
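The advisory quoted in the thread describes a point count that overflows a size calculation, and overflow data whose upper 16 bits are all zeroes or all ones, which is what sign-extending 16-bit coordinates to 32 bits produces. As an added example (not from the thread and not GDI+ code; the simplified record layout, the 32-bit size arithmetic and the names `widen16`, `wrapped_size` and `widen_points` are assumptions), this C sketch shows both effects and a conversion that validates the count before allocating:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { int16_t x, y; } PointS; /* 16-bit point as stored in the file */
typedef struct { int32_t x, y; } PointL; /* 32-bit point after conversion */

/* Sign extension: low 16 bits come from the file, the upper 16 bits of the
   result are all zeroes or all ones. */
int32_t widen16(int16_t v) { return (int32_t)v; }

/* Assumed failure mode: byte size computed in 32 bits wraps for large counts. */
uint32_t wrapped_size(uint32_t npoints) {
    return npoints * (uint32_t)sizeof(PointL);
}

/* Hardened conversion: checked sum of the per-polygon counts, count bounded by
   the points actually present in the record, size computed without wrapping.
   Returns NULL on any rejected input. */
PointL *widen_points(const uint16_t *counts, size_t npolys,
                     const PointS *pts, size_t pts_avail, uint32_t *n_out) {
    uint32_t total = 0;
    for (size_t i = 0; i < npolys; i++) {
        if (counts[i] > UINT32_MAX - total) return NULL; /* sum would wrap */
        total += counts[i];
    }
    if (total == 0 || total > pts_avail) return NULL;    /* more than the record holds */
    if (total > SIZE_MAX / sizeof(PointL)) return NULL;  /* size would wrap */
    PointL *out = malloc((size_t)total * sizeof(PointL));
    if (out == NULL) return NULL;
    for (uint32_t i = 0; i < total; i++) {
        out[i].x = widen16(pts[i].x);
        out[i].y = widen16(pts[i].y);
    }
    *n_out = total;
    return out;
}

int main(void) {
    /* Constructed sample values, not taken from any real file. */
    printf("widen16(0x1234) = 0x%08X\n", (unsigned)widen16(0x1234));
    printf("widen16(-2)     = 0x%08X\n", (unsigned)widen16(-2));
    printf("wrapped_size(0x20000001) = %u bytes\n", (unsigned)wrapped_size(0x20000001u));
    return 0;
}
```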