Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Re: [exploitwatch.org] ALERT: Windows XP JPEG Buffer O

from [Clemens, Dan] Network Security [Permanent Link]
Subject: [Full-Disclosure] Re: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POCExploit
Date: Fri, 17 Sep 2004 20:37:23 -0500 

I may not have a clue but when I read the email from the author of this "POC" 
it stated that it was a poc to show where the overflow will occur and doesn't 
actually exploit the vulnerability. Furthermore the vulnerability is a heap 
based overflow which means that successful worm like exploitation isn't really 
the highest possibility as you suggest in your fear based email.
Simply,
Dan


-----Original Message-----
From: admin@exploitwatch.org <admin@exploitwatch.org>
To: full-disclosure@lists.netsys.com <full-disclosure@lists.netsys.com>; 
bugtraq@securityfocus.com <bugtraq@securityfocus.com>; vulnwatch@vulnwatch.org 
<vulnwatch@vulnwatch.org>
Sent: Fri Sep 17 03:50:01 2004
Subject: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POCExploit

A PoC for the Windows XP JPEG has been published. Because of the potential
impact, it is anticipated that this exploit will be widely used by worms and
other malware within a short period of time.

http://www.gulftech.org/?node=downloads

Regards,
admin@exploitwatch.org
http://exploitwatch.org



Confidentiality Notice: This e-mail communication and any attachments may 
contain
confidential and privileged information for the use of the designated 
recipients named above. If
you are not the intended recipient, you are hereby notified that you have 
received this
communication in error and that any review, disclosure, dissemination, 
distribution or
copying of it or its contents is prohibited. If you have received this 
communication in
error, please notify me immediately by replying to this message and deleting it 
from your
computer. Thank you.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] Re: [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POCExploit, Clemens, Dan <=
Previous by Date:  RE: [Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, pingywon MCSE
Next by Date:  [Full-Disclosure] Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Chris Norton
Previous by Thread:  [Full-Disclosure] RE: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access, Michael Scheidell
Next by Thread:  [Full-Disclosure] Debian netkit telnetd vulnerability, Michal Zalewski
Indexes:  [Date] [Thread] [Top] [All Lists]