MS09-014: EMBED element memory corruption

Microsoft has just released a fix for an issue I reported to them on December 4th, 2008. A simple repro can be found here.
Though I did not investigate the issue, it appears to be similar to MS05-20: it is triggered by having JavaScript running in one window create and delete EMBED elements with existing mime-types in another window in rapid succession. Because each window is running in its own thread in MSIE, the code must be thread-safe for two windows to interact correctly. This issue appears to be a re-entrancy problem that causes one thread to access data after that data was freed by another thread.

Video Playback on Android

For a couple of months now I have had a new Android phone. Ever since I got it I’ve been searching for how to play videos on the device.

When push comes to shove, it’s actually quite simple.

First: Install Jeff Hamilton’s ‘Video Player’ from the market.
This is a simple, no BS video player which supports playing MP4 or 3GPP with H.264, H.263 encoding and MP3, AAC or AMR Audio from your SD card.

Now that was easy.

Since the player does not support DivX, XviD or anything other than the formats stated above, you might want to convert your video files. Luckily that is quite easy as well.

The Videora iPod converter works excellently; it can be found here:
http://www.videora.com/en-us/Converter/iPod/

After installation, the way it works is somewhat ‘weird’ in my perception. But it does the job.

After installing, open up the settings ‘tab’ and select ‘encoding’.
Take iPod Classic (6th generation) from the dropdown and then select create a new profile, which you can dub ‘Android’ or something in the name field.

Under Video, take these settings:

[Image: Videora Settings for Android]

Then click ‘OK’ and ‘Save Settings’.

Next up is starting an encoding job.

Go to convert

And then, this is the odd part: select ‘Power Mode’ from the center block and ignore the annoying advertisements.

OK, with that done, the bottom part of the application now shows the next step.

You need to select the file you wish to encode and be sure to select the profile we just created as such:

You can choose to enqueue it or start encoding right away!

When done, which may take quite some time, you only have to copy your freshly created file to your phone’s SD card and start the Video Player. It will find the file by itself and you can watch straight away!

Any comment is welcome; if you know a better application for the job, please tell me!

Have fun!

Google Analytics for MediaWiki

I’ve created a userscript that can be used to add Google Analytics to MediaWiki. I’ve done this before by editing the PHP source code. The best thing about this userscript is that you do not need to install anything or modify source code; you can add it by modifying a few pages in the Wiki. Have a look here for more details and an example.

Tooltips for MediaWiki

I’ve created a userscript that can be used to create tooltips in MediaWiki. The best thing about it is that you do not need to install anything or modify source code; you can add it by modifying a few pages in the Wiki. Have a look here for more details and an example.

Network drive FAIL

VMWare Unicode FAIL

BATCH & Python Chimera code

I’ve created an example of how to create a file that can be run both as a valid cmd.exe batch script and as a valid Python script. This would be useful if python.exe is available on a system but not set up to handle .py files: a .cmd file can be used to automatically find the python exe and run the script.

The example can be found here.
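
One way to build such a file, shown here as an added example that is not the linked example from this post: it relies on Python's `-x` option (skip the first source line) and on `rem = r"""` being a comment to cmd.exe but a string assignment to Python. It assumes the file is saved with a .cmd extension and that python.exe is somewhere on PATH; the names `PYEXE` and `main` are illustrative.

```bat
@echo off
rem = r"""
rem cmd.exe treats the line above as a REM comment. Python treats it as the
rem start of a raw string assigned to a variable called rem, so everything
rem down to the closing triple quote is seen by cmd.exe only.
setlocal
set "PYEXE="
rem The ~$PATH: modifier expands to the full path of the first python.exe
rem found on PATH, or to nothing if there is none (assumption: it is on PATH).
for %%P in (python.exe) do set "PYEXE=%%~$PATH:P"
if not defined PYEXE (
    echo No python.exe found on PATH 1>&2
    exit /b 1
)
rem -x makes Python skip line 1 of this file, which is not valid Python.
"%PYEXE%" -x "%~f0" %*
exit /b %ERRORLEVEL%
"""
# Python-only from here on: cmd.exe has already exited via "exit /b" above.
import sys


def main(argv):
    # Show which interpreter the batch half located and what it passed on.
    print("interpreter:", sys.executable)
    print("arguments:  ", argv)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The batch half must not contain three consecutive double quotes, since that would end the Python string early.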

MSN/Live Messenger: Disable “Open main window when Messenger starts”

Windows Live Messenger (aka MSN Messenger) has two settings for controlling startup behavior: one to tell it to auto-start at Windows startup and one to tell it to open the main window when it starts. For unknown reasons, Microsoft decided to turn on the latter option and DISABLE it if you turn off the former. This means that if you do not auto-start Messenger, the main window will always open when it starts. This is annoying, but fortunately there is a way to work around this by modifying the registry:

[HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger\AppSettings] is a REG_BINARY of which the first BYTE will be F0 to enable opening the main window at startup and D0 to disable this. After you have turned off auto-start, you can modify this value using regedit.exe to stop the main window from opening.

MSIE screen[""] NULL ptr DoS details

MSIE can be made to crash with a NULL ptr Read AV by executing a very small piece of JavaScript. This affects MSIE 6.0, 7.0 and 8.0 beta2. It should be fixed in 8.0 rc1.

The following HTML triggers the issue:

<BODY onload=screen[""]>

I am amazed that a bug that is so simple to trigger has apparently gone unnoticed for years.

Repro here.
List of software vulnerabilities here.

List of software vulnerabilities

I have created a list of software vulnerabilities, including previously unreleased material, on the wiki:

http://skypher.com/wiki/index.php?title=List_of_software_vulnerabilities

I’ll update it as I find more issues and fixes become available.