l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2005 Mar 31 01:51

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Why not Windows: cursor vulns
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Why not Windows: cursor vulns



From the Incidents list at SecurityFocus:

    http://www.mnin.org/forums/viewtopic.php?t=112
    Tri-Mode Browser Exploits - MHTML, ANI, and Java VM Sandbox 
    PostPosted: Wed Mar 02, 2005 8:32 pm

    In summary, the user followed a search engine's pointer and ended up
    at xxxcenter.org. Her browser was forced into a situation where it
    would be downloading code from another site no matter what she did.
    This code used a multi-attack mechanism including a buffer overflow
    in Microsoft's ANI file format, a parsing and privilege escalation
    vulnerability in the MHTML protocol hander, and weaknesses in Java's
    VM component.

The rest of the post shows detail of how the exploit functions.

More here:

    http://www.securityfocus.com/archive/75/394573/2005-03-27/2005-04-02/0


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Deep inside the secret headquarters of the RedHat / GNOME / Ximian
    / Mozilla Cabal, there's a hidden document with a list of everything
    in Unix you know and love, marked with a date for its final
    expurgation. I think 'ls' is slated to be finally replaced with a
    symlink to 'nautilus' in 2007.
    - Dan Egnor.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.