Author: BrideX [bridex] Forum user
Summary

An exploitable buffer overflow in Microsoft Windows' DirectSpeechSynthesis and DirectSpeechRecognition allows attackers to cause the user to execute arbitrary code by overflowing the ModeName parameter of the ActiveX.

Credit:
The information has been provided by A. Micalizzi (aka rgod).
The original article can be found at: http://www.milw0rm.com/exploits/4066

Details

Exploits:
<!--
01/06/2007 23.19.50
Microsoft Windows DirectSpeechSynthesis Module (XVoice.dll) / DirectSpeechRecognition Module (Xlisten.dll) remote buffer overflow exploit / 2k sp4 seh version

both the dlls are located in %SystemRoot%\speech folder and they are vulnerable to the same issue. while on 2k it depends on activex settings, under xp they are both set to "safe for a trusted caller", i.e. Internet Explorer

registers after that some chars are passed to ModeName argument of FindEngine method and seh handler is overwritten:
. . . . . . .. . .. . . . . . .

I don't understand how to use this script?! It's meant for the latest WIN2K!

Original poster, posted: 07-09-05 12:34
Reply: BrideX [bridex] Forum user

Original article: http://www.heibai.net/article/info/info.php?infoid=34215

Reply B1, posted: 07-09-05 12:34
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.