If at first you don't succeed; call it version 1.0
Saturday, 18 February 2006

It appears that the severity of the new vulnerability found in Windows Media Player's plug-in for non-IE browsers was downplayed by Microsoft.

According to iDefense's advisory: "Due to unicode translations, shellcode characters are somewhat limited to character code values below 0x80". So, my assumption was that MS ranked this vulnerability with 'Important' severity instead of 'Critical' because of the infeasibility of injecting useful shellcode.

Well, I guess I was wrong. Alphanumeric shellcode can be used, and also SkyLined's heap-spraying method. Both proofs of concept were demonstrated by H D Moore and Matthew Murphy.

Back to the books...

Saturday, 18 February 2006 01:00:39 UTC | Security
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.