搜索此博客

2008年3月9日星期日

Mac X86 Shellcode Tips

等待发布中,已经投到webzine, 可以直接在www.ph4nt0m.org找到。等那边出来这里就会同步放出了。
阅读全文

域名被抢

郁闷,域名被人抢注了,那个人居然还叫毛毛!
以后要改成n00p.com.cn了,真长,麻烦大家多记一个.com,看来续费还是要 勤快点,这年头什么都有人抢!(投名状?)
阅读全文

2008年3月7日星期五

ms08-010记录

CVE-2008-0077

From idefense:
When certain properties are assigned malformed values, memory can be corrupted in a way that leads to Internet Explorer making a call to a member function of an already released property object. If the memory location of the released property object happens to be filled by attacker controlled content, the attacker can execute arbitrary code.

From ZDI:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific flaw exists in the handling of the "by" property of an animateMotion SVG element. By assigning other DOM elements to this property, a memory corruption occurs during the destruction of a Variant data type. The corruption causes an overwrite of a virtual function address allowing for the execution of arbitrary code.


阅读全文