Re: MSIE buffer overrun

Russ (Russ.Cooper@RC.ON.CA)
Fri, 20 Mar 1998 17:23:22 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: dorqus: "Followup: Plaintext passwords in Chase Online Banking"
Previous message: Peter van Dijk: "[linux-security] bug in su (Slackware 3.4)"
Maybe in reply to: Georgi Guninski: "MSIE buffer overrun"

BTW, someone reminded me that this looked very similar to the "MK
Overrun" exploit Dildog, from The l0pht, described in their advisory
from 1/14/98.

I set the MKEnabled registry entry to "No", and the exploit still works.
Of course I'm testing on IE 4.01 (4.72.2106.8).

Just an FYI in case you thought it was just a repeat of the same old
bug. It may well be a minor variation, but its not the same bug.

Cheers,
Russ Cooper
R.C. Consulting, Inc. - NT/Internet Security
http://www.ntbugtraq.com

Next message: dorqus: "Followup: Plaintext passwords in Chase Online Banking"
Previous message: Peter van Dijk: "[linux-security] bug in su (Slackware 3.4)"
Maybe in reply to: Georgi Guninski: "MSIE buffer overrun"