lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 10 Feb 2005 09:48:37 +0000
From: "Andrew Hunter" <andiroohunter@....com>
To: bugtraq@...urityfocus.com
Subject: RE: MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit


Ok after switching to MSN 6 still couldn't load the image as my display 
picture. It turns out that the instructions provided with this file are 
wrong! You have to send the victim the image via the file transfer mode on 
MSN.

I have tested this and can varify that it works. It isn't an auto 
exploitation, the user has to click the link to view the file, at which 
point there msn will freeze and a .exe will be dropped onto the 
system(assuming HTTP isn't blocked by the firewall). The victim will know 
that something dodgy has happened since in each case their MSN 
closes/freezes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ