Kevin Vance - Best IE vulnerability ever


05:25 pm

Best IE vulnerability ever

Tuesday, July 23rd, 2002
Impact:     Pressing CTRL in IE may result in arbitrary local
            file to be uploaded to a remote server (no exact
            path needed). If special sensitive information is
            uploaded, it may be used to run remote programs.
Incredibly unmotivated currently. I have 65535 ideas and no energy. I found out that if you compile a Windows app with wxWindows and ImageMagick that just displays an image, the result is a 2MB executable because it's safe to assume that no Windows user has wxWindows or ImageMagick.

Comments
From: thedexter
2002-07-23 03:11 pm (UTC)

should've said (2^16-1).
From: nonexistent
2002-07-23 04:47 pm (UTC)

Shouldn't that be (2^16)-1?
From: thedexter
2002-07-23 05:02 pm (UTC)

Re:

2^16-1, (2^16)-1, and (2^16-1) all yield the same answer, given the order of operations is followed.
From: nonexistent
2002-07-23 08:03 pm (UTC)

Re:

True. It's just that some calculators and computers would interpret 2^16-1 as 2^15.
From: thedexter
2002-07-23 09:29 pm (UTC)

Re:

The difference is, I meant (2^16)-1, not 2^(16-1). Yeah.
From: suppafly
2002-07-23 09:51 pm (UTC)

doubt it...

you'd be hard pressed to find anything digital that would interpret 2^16-1 as 2^15.
From: nonexistent
2002-07-23 11:04 pm (UTC)

Re: doubt it...

I'm not sure, but I think my TI-83 interprets it that way. Don't quote me on that, though.
From: suppafly
2002-07-24 09:34 am (UTC)

Re: doubt it...

From: myth
2002-07-23 03:43 pm (UTC)
Maybe you should get one more idea so it will overflow back to zero. Then you won't feel as bad anymore.