Posted by SkyLined on March 8th, 2010 in Browsers, Internet Explorer, Repro and Security
Quoting http://msdn.microsoft.com/en-us/library/aa930622.aspx:
typedef struct tagBITMAPINFOHEADER {
  DWORD biSize;
  LONG biWidth;
  LONG biHeight;
  WORD biPlanes;
  WORD biBitCount;
  DWORD biCompression;
  DWORD biSizeImage;
  LONG biXPelsPerMeter;
  LONG biYPelsPerMeter;
  DWORD biClrUsed;
  DWORD biClrImportant;
} BITMAPINFOHEADER;
“If the bitmap is a packed bitmap (a bitmap in which the bitmap array immediately follows the BITMAPINFO header and is referenced by a single pointer), the biClrUsed member must be either zero or the actual size of the color table.”
ANI files store each frame of the animated cursor as a packed bitmap inside the ANI file…
Posted by SkyLined on March 1st, 2010 in Browsers, HTML, Internet Explorer, JavaScript, PoC, Programming Languages and Security
In 2005 I released Internet Exploiter 2, which helped make heap spraying popular in browser exploits…
Posted by SkyLined on January 20th, 2010 in Browsers, Internet Explorer, JavaScript, Programming Languages, Repro and Security
Two crashes caused by NULL pointer dereferences have been discovered in MSIE 6.0/7.0. These issues do not affect MSIE 8.0…
Posted by SkyLined on October 13th, 2009 in Browsers, Internet Explorer, Repro and Security
(a.k.a. MSRC 8769, MS09-054, CVE-2009-1547, “Data Stream Header Corruption Vulnerability”)
Microsoft fixed a bug in Internet Explorer’s “Content-Encoding:deflate” implementation…
Posted by SkyLined on September 29th, 2009 in Browsers, Chrome, Firefox, Internet Explorer, JavaScript, Opera and Safari
AsyncXMLHttpRequest is an extension of XMLHttpRequest with the following improvements:
Uniform behavior on multiple different browsers (Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox and Opera).
Event handlers are called with the AsyncXMLHttpRequest object to which they apply as the first argument…
Posted by SkyLined on April 19th, 2009 in Browsers, Internet Explorer, PoC and Security
Microsoft has just released a fix for an issue I reported to them on December 4th, 2008. A simple repro can be found here…
Posted by SkyLined on January 7th, 2009 in Browsers, Internet Explorer, PoC and Security
MSIE can be made to crash with a NULL ptr Read AV by executing a very small piece of JavaScript. This affects MSIE 6.0, 7.0 and 8.0 beta2…
Posted by SkyLined on December 10th, 2008 in Chrome, Firefox, Google, Internet Explorer, Opera, Plugins, Safari and Security
I’ve created a table with contact information for security teams for major software vendors. I’m hoping you’ll find the information useful when you’re trying to report a vulnerability…
Posted by SkyLined on August 26th, 2008 in Firefox, Internet Explorer, JavaScript and Safari
I’ve created an example script that outputs a stack dump in JavaScript. It shows all the functions that have been called, their arguments and the values of these arguments. I find it to be very useful while writing complex JavaScripts – I use it in asserts and error handlers to find out why things go wrong quickly…