Create an Account
username: password:
 
  MemeStreams Logo

eEye: PNG Vulnerability in Microsoft *
search
Home Agent Weblogs Social Network Post Help About

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
eEye: PNG Vulnerability in Microsoft *
Topic: Computer Security 4:45 pm EST, Dec 16, 2002

] Twas the night before Christmas, and deep in IE
] A creature was stirring, a vulnerability
] MS02-066 was posted on the website with care
] In hopes that Team eEye would not see it there
]
] But the engineers weren't nestled all snug in their beds,
] No, PNG images danced in their heads
] And Riley at his computer, with Drew's and my backing
] Had just settled down for a little PNG cracking
]
] When rendering an image, we saw IE shatter
] And with just a glance we knew what was the matter
] Away into SoftICE we flew in a flash
] Tore open the core dumps, and threw RFC 1951 in the trash
]
] The bug in the thick of the poorly-written code
] Caused an AV exception when the image tried to load
] Then what in our wondering eyes should we see
] But our data overwriting all of heap memory
]
] With heap management structures all hijacked so quick
] We knew in a moment we could exploit this $#!%
] More rapid than eagles our malicious pic came --
] The hardest part of this exploit was choosing its name

Nice. Love the XMass poem.

A faulty image can execute code. Only Microsoft...

eEye: PNG Vulnerability in Microsoft *

Thread [1]


  
 
Powered By Industrial Memetics		RSS2.0