Monday, December 29, 2008

'Twas the vuln before Christmas

As a Christmas gift to Microsoft, a hacker released proof-of-concept code for a Windows Media Player crash that at first was reported to be exploitable.

The SVRD bloggers quickly poured cold water on that, but I found this poetic response amusing enough to link to from here: http://vrt-sourcefire.blogspot.com/2008/12/vuln-before-christmas.html

A quick snippet:

A file template built, Pat now had the vision,
To find oddness in song tempo, and time division,
and what in my windbg window should appear,
but a #DE error, no int overflow here!

Now checking in IDA, and tweaking edx,
no memory moved, no additional wrecks,
not a vuln at all here! Not nearly the same,
I can't believe we stopped drinking for something so lame!

No comments: