In pwn2own 2010 Peter Vreugdenhil founder of Vreugdenhil Research, Holland found a vulnerability in Microsoft 
<XML ID="xmlid1">
<Devices>
<Device>
<AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA />
</Device>
</Devices>
</XML></pre>
Inside an HTML file would give you access to what is called an XML Data Island. This is actually acts as an database interface. You can query the XML data, retrieve rows and data and add more rows. The underlying object is an MSAdo object.
The db objects exposes a property called ‘CacheSize’ that you can use to determine how many records it should keep in its cache. Internally the CacheSize is multiplied by 0×4 and then 0×10 is added (I am typing this from memory so I might be a bit off, but the rough data is correct).
You can read about the vulnerability at Vreugdenhil Research .
Pwn2Own – Paper by Peter Vreugdenhil
Like This post ? You can buy me a Beer :)
0 comments:
Need to say something ? Spell it out :)