[Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
george_ou at lanarchitect.net
Tue Apr 3 22:29:16 BST 2007
The patch for ANI is out from Microsoft. I'm assuming the question is if we
will see this technique for Firefox exploitation posted now?
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Larry
Sent: Tuesday, April 03, 2007 2:14 PM
To: Alexander Sotirov
Cc: full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
LS> The Firefox docs say that it doesn't support .ani files for cursors.
LS> How are you exploiting it?
AS> I'll wait until the patch is out before I publish the technique.
AS> As far as I know there are no public ANI exploits for Firefox yet.
So now can you say how Firefox is vulnerable?
eWEEK.com Security Center Editor
Contributing Editor, PC Magazine
larryseltzer at ziffdavis.com
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.