MS11-083 - Critical

Discussion in 'WASM.HEAP' started by Velheart, Nov 9, 2011.

  1. Velheart

    Velheart New Member

    Blog Posts:
    0
    Joined:
    Jun 2, 2008
    Messages:
    526
  2. SadKo

    SadKo Владимир Садовников

    Blog Posts:
    8
    Joined:
    Jun 4, 2007
    Messages:
    1,610
    Location:
    г. Санкт-Петербург
    Ну так решето, что уж говорить.
     
  3. Velheart

    Velheart New Member

    Blog Posts:
    0
    Joined:
    Jun 2, 2008
    Messages:
    526
    А не, походу не так все интересно, как звучит http://blogs.technet.com/b/srd/archive/2011/11/08/assessing-the-exploitability-of-ms11-083.aspx
     
  4. newbie

    newbie New Member

    Blog Posts:
    0
    Joined:
    Dec 2, 2008
    Messages:
    1,246
    сплоет в студию!
     
  5. TermoSINteZ

    TermoSINteZ Синоби даоса Staff Member

    Blog Posts:
    2
    Joined:
    Jun 11, 2004
    Messages:
    3,568
    Location:
    Russia
    Ого, и все же интересно.
     
  6. Rel

    Rel Well-Known Member

    Blog Posts:
    2
    Joined:
    Dec 11, 2008
    Messages:
    5,317
    жду спойт на питоне)))
     
  7. shchetinin

    shchetinin Member

    Blog Posts:
    0
    Joined:
    May 27, 2011
    Messages:
    715
    While I'd love to see an exploit from a purely academic perspective,
    it doesn't appear that this is the type of bug where exploitation is
    going to be reliable enough to support a worm. The reference counter
    in question is most likely 32 bits, but even giving the benefit of the
    doubt and saying it's a 16-bit refcount, that's still 2^16 events
    (probably receiving a certain UDP packet) that need to be triggered
    precisely in order to cause a refcount overflow and then trigger a
    remote kernel use-after-free condition, which wouldn't be trivial to
    exploit even by itself. On an unreliable network like the Internet,
    it seems unlikely that the kind of traffic volume required to trigger
    this bug could be generated without dropping a single packet.
    Reliable DoS seems more likely though



    Пока что вроде де есть сниффер для потока данных .


    Вообще либо ипл или семпел.
     
  8. Selah

    Selah New Member

    Blog Posts:
    0
    Joined:
    Jul 10, 2007
    Messages:
    258
    http://karmanov.wordpress.com/2011/11/15/ms11-083/
     
  9. _Juicy

    _Juicy Active Member

    Blog Posts:
    0
    Joined:
    Aug 12, 2003
    Messages:
    1,159
    Location:
    SPb
    Вот именно, чего так все возбудились, мне неясно.