l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2005 Mar 31 01:51

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Why not Windows: cursor vulns
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Why not Windows: cursor vulns

From the Incidents list at SecurityFocus:

    Tri-Mode Browser Exploits - MHTML, ANI, and Java VM Sandbox 
    PostPosted: Wed Mar 02, 2005 8:32 pm

    In summary, the user followed a search engine's pointer and ended up
    at xxxcenter.org. Her browser was forced into a situation where it
    would be downloading code from another site no matter what she did.
    This code used a multi-attack mechanism including a buffer overflow
    in Microsoft's ANI file format, a parsing and privilege escalation
    vulnerability in the MHTML protocol hander, and weaknesses in Java's
    VM component.

The rest of the post shows detail of how the exploit functions.

More here:



Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Deep inside the secret headquarters of the RedHat / GNOME / Ximian
    / Mozilla Cabal, there's a hidden document with a list of everything
    in Unix you know and love, marked with a date for its final
    expurgation. I think 'ls' is slated to be finally replaced with a
    symlink to 'nautilus' in 2007.
    - Dan Egnor.

Attachment: signature.asc
Description: Digital signature

vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.