Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion
search
Home Agent Weblogs Social Network Post Help About


This page contains all of the posts and discussion on MemeStreams referencing the following web page: eEye: PNG Vulnerability in Microsoft *. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

eEye: PNG Vulnerability in Microsoft *
by Rattle at 4:45 pm EST, Dec 16, 2002

] Twas the night before Christmas, and deep in IE
] A creature was stirring, a vulnerability
] MS02-066 was posted on the website with care
] In hopes that Team eEye would not see it there
]
] But the engineers weren't nestled all snug in their beds,
] No, PNG images danced in their heads
] And Riley at his computer, with Drew's and my backing
] Had just settled down for a little PNG cracking
]
] When rendering an image, we saw IE shatter
] And with just a glance we knew what was the matter
] Away into SoftICE we flew in a flash
] Tore open the core dumps, and threw RFC 1951 in the trash
]
] The bug in the thick of the poorly-written code
] Caused an AV exception when the image tried to load
] Then what in our wondering eyes should we see
] But our data overwriting all of heap memory
]
] With heap management structures all hijacked so quick
] We knew in a moment we could exploit this $#!%
] More rapid than eagles our malicious pic came --
] The hardest part of this exploit was choosing its name

Nice. Love the XMass poem.

A faulty image can execute code. Only Microsoft...

Link - Reply

  
 
Powered By Industrial Memetics