[Full-disclosure] POC for a simple gmail/possible code injection into html wich can be executed in an email, i will make the PoC code and explain how here and now...
-= Glowing Doom =-
secn3t at gmail.com
Sun Jun 12 02:33:17 BST 2011
This is NOT coded.. the PoC i am explaining, is possible with simply
copyying text,then using a sequence of keys, to make the actual sentence/s,
This code is not what shows up when it is dissected.
It shows up with many x41 all over the email when it is done properly .
On 12 June 2011 11:29, Christian Sciberras <uuf6429 at gmail.com> wrote:
> For those lazy enough to search:
> Basicaly just compile this and you will get a 100% processor usage by the
> compiled exploit and Csrss.exe
> #include <stdio.h>
> int main(void)
> return 0;
> How this helps in sending spam is beyond me.
> On Sun, Jun 12, 2011 at 3:18 AM, Jeffrey Walton <noloader at gmail.com>wrote:
>> On Sat, Jun 11, 2011 at 9:06 PM, -= Glowing Doom =- <secn3t at gmail.com>
>> > It is now, over 1yr old atleast and exists in riched20.dll.
>> > This PoC info is over for me also.
>> Microsoft had problems with a backspace in the past. Search for "CSRSS
>> Backspace Bug".
>> > [SNIP
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.