Vulnerabilities Research Group
Wednesday, July 29, 1998
tentative minutes; not yet approved
Mike Fitzgerald (notetaker),
Meeting began at 11:10AM
Meeting adjourned at 12:00.
- Previous Business
- Review and approve minutes of previous meeting (Matt; deferred
to next meeting)
- Presentation (Jeff)
- Review of Netscape, Microsoft Mail, and Microsoft Outlook email bug (Matt)
The exploit works on attributes assigned to HTML tags.
When the programs load tags, the attribute length is apparently not checked.
So if an attribute that is too long is loaded, it overflows the buffer.
The buffer is allocated on the stack, so the overflow can change the return
address and execute a routine on the stack.
- Keith to get Netscape source and look into the vulnerability.
- How does Netscape deal with regular tags that are too long?
- Vulnerability Database
- 60 vulnerabilities converted so far; Matt going over them,
making them consistent.
- Distribution policy discussed; a draft will be circulated.
- Future meetings
- Next Meeting: Ricardo will present on race condition checking by wrappers.
- Week after: Theresa and Jason will present on making stdio robust.
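The unchecked attribute copy described in the email bug item above, shown beside a bounded version. This is an added example, not code from the meeting or from any vendor's source; ATTR_MAX, the function names and the double-quoted value format are assumptions.

```c
#include <stddef.h>
#include <string.h>
#define ATTR_MAX 64   /* assumed size of the parser's on-stack value buffer */

/* Unchecked form: the copy stops only at the closing quote. Not called below. */
void copy_attr_unchecked(const char *src, char *dst)
{
    while (*src != '\0' && *src != '"')
        *dst++ = *src++;            /* input decides how far dst is written */
    *dst = '\0';
}

/* Checked form: returns the value length, or -1 if the value does not fit in
 * dstsz bytes (terminator included) or has no closing quote. */
int copy_attr_checked(const char *src, char *dst, size_t dstsz)
{
    size_t n = 0;
    if (dstsz == 0) return -1;
    while (src[n] != '\0' && src[n] != '"') {
        if (n + 1 >= dstsz) { dst[0] = '\0'; return -1; }  /* reject, no truncation */
        dst[n] = src[n];
        n++;
    }
    if (src[n] != '"') { dst[0] = '\0'; return -1; }       /* unterminated value */
    dst[n] = '\0';
    return (int)n;
}

/* Hypothetical tag handler: src points just past the attribute's opening quote. */
int handle_attr(const char *src)
{
    char buf[ATTR_MAX];             /* stack buffer, as in the reviewed bug */
    return copy_attr_checked(src, buf, sizeof buf);
}

/* Constructed input: a value of len 'A' bytes followed by a closing quote. */
int handle_long_value(size_t len)
{
    char in[1024];
    if (len > sizeof in - 2) return -2;
    memset(in, 'A', len);
    in[len] = '"'; in[len + 1] = '\0';
    return handle_attr(in);
}

int main(void)
{
    return (handle_attr("left\">") == 4 && handle_long_value(500) == -1) ? 0 : 1;
}
```

Rejecting the over-long value instead of truncating it keeps the parser from acting on a partial attribute.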
Send email to
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 8/4/98