[Full-disclosure] MS06-0[0]6 Windows Media Player Exploitation [CODE]

Fri Feb 17 14:32:21 GMT 2006

Works well against Firefox 1.5.0.1 on the following systems:
- Windows XP SP2
- Windows 2003 SP0
- Windows 2000 SP4

However, it does not work with Opera 8.5 on any platform. Should just be a 
matter of changing return addresses based on the user-agent though...

-HD

On Friday 17 February 2006 02:05, Matthew Murphy wrote:
> The heap spray technique works very effectively -- you end up with a
> *sizable* pad in the 0x04a00000 region which you can use as a direct
> jump point for the payload, without any of the fancy frame manipulation
> tricks that I am too tired to try at this hour of the night/morning.