- [12:50] < p> if I had a dollar for every time someone sent me the message, "Look at this backtrace. Is this exploitable?" - I'd retire.
- [14:36] < i> pcat: ?
- [14:37] < i> Description: Data Execution Prevention Violation
- [14:37] < i> Short Description: DEPViolation
- [14:37] < i> Exploitability Classification: EXPLOITABLE
- [14:37] < i> Recommended Bug Title: Exploitable - Data Execution Prevention Violation starting at
- [14:37] < i> Is that exploitable?
- [14:37] * i paypals pcat $1.
- [14:38] < d> thats what the directshow vuln can be made to do
- [14:38] < d> funtimes
- [14:39] < pcat> Umm I dont think !exploitable is good at determining exploitability
- [14:39] < pcat> but that seems promising :)
- [14:42] < i> there is a vuln in directshow?
- [14:43] < pcat> yessir
- [14:43] < i> yes was patch tuesday
- [14:43] < i> err
- [14:43] < i> yesterday
- [14:44] < d> today is patch tuesday
- [14:44] < d> unless you're somewhere far away from me
- [14:44] < i> sorry
- [14:44] < i> missed a day due to no sleeping
- [14:44] < i> so it just got released?
- [14:44] < d> nah
- [14:44] < i> the function pointer overwrite?
- [14:44] < d> directshow bug is still not patched
- [14:45] < d> wasn't in this batch
- [14:46] < i> hrm
- [14:46] < i> i think this is different
- [14:48] < i> if quartz is required i don't have it loaded
- [14:48] < d> it is
- [14:48] < d> but... if you're looking at a bug in windows media player
- [14:48] < d> chances are youve got quartz loaded
- [14:49] < i> not windows media player
- [14:49] < i> IE8
- [14:49] < d> well, if you're loading the wmp activex control, same applies
- [14:49] < d> if its just ie8 then i dunno why you'd think it was a directshow bug?
- [14:49] < i> not loading wmp
- [14:49] < i> i couldn't remember how directshow got hooked
- [14:49] < i> and my luck would be to find a bug the day it is patched
- [14:50] < d> lots of COM and the iasyncreader interface to grab files then quartz is loaded to determine what type of media it is
- [14:50] < d> and then passes off control to installable compressors/decompressors if its a custom stream compression
- [14:51] < i> then unloads and cleans up?
- [14:51] < d> well, if it goes to the codec then its acting as a driver
- [14:51] < d> implements driverproc
- [14:51] < d> handles driver messages
- [14:51] < d> so for each frame
- [14:51] < d> itd still have to be loaded.. once the movie finishes it might be unloaded, but not sure
- [14:53] < d> not sure what would happen after ICM_COMPRESS_END other than the driver freeing its resources
- [14:53] < d> or ICM_DECOMPRESS_END