[6369] in bugtraq
Re: MSIE buffer overrun
daemon@ATHENA.MIT.EDU (Russ)
Sun Mar 22 14:32:42 1998
Date: Fri, 20 Mar 1998 17:23:22 -0500
Reply-To: Russ <Russ.Cooper@RC.ON.CA>
From: Russ <Russ.Cooper@RC.ON.CA>
X-To: "guninski@hotmail.com" <guninski@hotmail.com>
To: BUGTRAQ@NETSPACE.ORG
BTW, someone reminded me that this looked very similar to the "MK
Overrun" exploit Dildog, from The l0pht, described in their advisory
from 1/14/98.
I set the MKEnabled registry entry to "No", and the exploit still works.
Of course I'm testing on IE 4.01 (4.72.2106.8).
Just an FYI in case you thought it was just a repeat of the same old
bug. It may well be a minor variation, but its not the same bug.
Cheers,
Russ Cooper
R.C. Consulting, Inc. - NT/Internet Security
http://www.ntbugtraq.com
