«
»

“Virtual Worlds, Real Exploits” Presentation Posted

Charlie Miller and I presented our research into exploiting SecondLife at ShmooCon 2008 and they have just posted our materials online.  Check out the video to see Charlie and I running our Linden-stealing QuickTime exploit in SecondLife, live and on ice stage.  For more information, check out the slides or more details at Independent Security Evaluators.  This year was my first ShmooCon and I really had a blast, so props to the Shmoo crew for putting on a fun con.

UPDATE @ 20080605: An authoritative reader corrected me on the slides that, “http://www.kb.cert.org/vuls/id/112179 was a heap overflow parsing the Reason-Phrase.  I think the vulnerability was actually CVE-2007-6166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166 which was a stack buffer overflow in the parsing of the Content-Type and which had a PoC by h07.”

Very true, we got the links wrong, the exploit was for the Content-Type stack overflow.

Advertisement

This entry was posted on June 1, 2008 at 11:59 pm and is filed under Conferences . You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

Please log in to WordPress.com to post a comment to your blog.

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s