I believe I have contributed greatly to the security community with my post here. Not only have I denied another 0x41414141 hacker but I have also made Valdis have to backtrack on his (as usual) stupid post. I believe Valdis and Billy O Reilly have a lot in common. (
<br>"I was wrong. I am not pleased about it at all and I think all
Americans should be concerned about this…What do you want me to do, go
over and kiss the camera?" ).<br><br><div class="gmail_quote">On Dec 27, 2007 9:05 AM, Elazar Broad <<a href="mailto:elazarb@earthlink.net">elazarb@earthlink.net</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
After some more analysis by Carsten Eiram @ Secunia, this is NOT exploitable. I would like to apologize for the hasty post. SecurityFocus, please update bid 27026 to reflect the fact that at most, this can just crash the browser.
<br><div class="Ih2E3d"><br>Elazar<br><br>-----Original Message-----<br>>From: <a href="mailto:Valdis.Kletnieks@vt.edu">Valdis.Kletnieks@vt.edu</a><br>>Sent: Dec 26, 2007 1:28 AM<br>>To: reepex <<a href="mailto:reepex@gmail.com">
reepex@gmail.com</a>><br>>Cc: Elazar Broad <<a href="mailto:elazarb@earthlink.net">elazarb@earthlink.net</a>>, <a href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br>>Subject: Re: [Full-disclosure] AOL YGP Picture Editor
YGPPicEdit.dll Multiple Buffer Overflows<br>><br>>On Tue, 25 Dec 2007 21:53:29 CST, reepex said:<br>><br></div><div class="Ih2E3d">>> How does a bunch of 'A's prove something is exploitable?<br>>
<br></div><div class="Ih2E3d">>If a bunch of A's causes the EIP to end up as x'41414141', it's 95% of the<br>>way to being an exploit. If it gets you some *other* crash, it's probably<br>>at least 30% to 40% of the way to an exploit.
<br>><br>>Go back and read the analysis of the NTP buffer overflow from a number of years<br>>back. Truly a classic - they managed to leverage a *one byte* overflow into<br>>a complete and total rooting of the box.
<br><br></div><div><div></div><div class="Wj3C7c">_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br></div></div></blockquote></div><br>