//- Solution
No known solution. You have to wait for a vendor upgrade and
be careful with unknown PS files.
//- Impact
Successful exploitation leads to remote code execution.
//- Credits
Renaud Lifchitz
r.lifchitz at sysdream dot com
http://www.sysdream.com/
//- Greetings
this protection :
http://www.sysdream.com/articles/Analysis-of-Microsoft-Windows-Vista's-ASLR.pdf
Regards,
Renaud Lifchitz
Information Security Consultant
SYSDREAM: http://www.sysdream.com/
Microsoft MSN Hotmail : Cross-Site Scripting Vulnerability
//- Advisory
Program : Microsoft MSN Hotmail
Homepage : http://www.hotmail.com
Discovery: 2006/01/28
Author Contacted : 2006/03/21
Found by : crashfr at sysdream dot com
This Advisory: nono2357
disclosure doesn't come from the first iframe, but from
the second one. Indeed, the inline attachment basic.html itself
contains an iframe, which is not correctly filtered and makes Thunderbird
fetch any external resource.
Best regards,
Renaud Lifchitz
http://www.sysdream.com
Daniel Veditz wrote
Mozilla Thunderbird : Remote Code Execution Denial of Service
//- Advisory
Program : Mozilla Thunderbird
Homepage : http://www.mozilla.com/thunderbird/
Tested version : = 1.0.7
Found by : nono2357 at sysdream dot com
This advisory: nono2357 at sysdream dot