Untitled

a guest
Jun 20th, 2018
[12:50] < p> if I had a dollar for every time someone sent me the message, "Look at this backtrace. Is this exploitable?" - I'd retire.
[14:36] < i> pcat: ?
[14:37] < i> Description: Data Execution Prevention Violation
[14:37] < i> Short Description: DEPViolation
[14:37] < i> Exploitability Classification: EXPLOITABLE
[14:37] < i> Recommended Bug Title: Exploitable - Data Execution Prevention Violation starting at
[14:37] < i> Is that exploitable?
[14:37] * i paypals pcat $1.
[14:38] < d> that's what the directshow vuln can be made to do
[14:38] < d> funtimes
[14:39] < pcat> Umm I don't think !exploitable is good at determining exploitability
[14:39] < pcat> but that seems promising :)
[14:42] < i> there is a vuln in directshow?
[14:43] < pcat> yessir
[14:43] < i> yes was patch tuesday
[14:43] < i> err
[14:43] < i> yesterday
[14:44] < d> today is patch tuesday
[14:44] < d> unless you're somewhere far away from me
[14:44] < i> sorry
[14:44] < i> missed a day due to no sleeping
[14:44] < i> so it just got released?
[14:44] < d> nah
[14:44] < i> the function pointer overwrite?
[14:44] < d> directshow bug is still not patched
[14:45] < d> wasn't in this batch
[14:46] < i> hrm
[14:46] < i> i think this is different
[14:48] < i> if quartz is required i don't have it loaded
[14:48] < d> it is
[14:48] < d> but... if you're looking at a bug in windows media player
[14:48] < d> chances are you've got quartz loaded
[14:49] < i> not windows media player
[14:49] < i> IE8
[14:49] < d> well, if you're loading the wmp activex control, same applies
[14:49] < d> if it's just ie8 then i dunno why you'd think it was a directshow bug?
[14:49] < i> not loading wmp
[14:49] < i> i couldn't remember how directshow got hooked
[14:49] < i> and my luck would be to find a bug the day it is patched
[14:50] < d> lots of COM and the iasyncreader interface to grab files then quartz is loaded to determine what type of media it is
[14:50] < d> and then passes off control to installable compressors/decompressors if it's a custom stream compression
[14:51] < i> then unloads and cleans up?
[14:51] < d> well, if it goes to the codec then it's acting as a driver
[14:51] < d> implements driverproc
[14:51] < d> handles driver messages
[14:51] < d> so for each frame
[14:51] < d> it'd still have to be loaded.. once the movie finishes it might be unloaded, but not sure
[14:53] < d> not sure what would happen after ICM_COMPRESS_END other than the driver freeing its resources
[14:53] < d> or ICM_DECOMPRESS_END