Edu19

if you can reliably overwrite buffers in memory and successfully inject a shellcode, then the bug severity is high. if it is not reliable...then medium. if this only freezes or crashes the app, then severity is low. by the way, in theory if this works in Real Player, it should work on Internet Explorer or at least other programs that hosts the IE webbrowser control, because RP hosts it to process HTML code.

Hello everyone, I live in Brazil. Finally I found a good forum with good activity. congratulations to the admins and mods who works hard to keep it online, working and with clean content (no spam, illegal topics etc) and of course to the members that contributes with posts and topics. I am new here but not new to forums. have been admin and one of the founders of blackhat-forums.com and co-admin (started as a trial member and got upgraded) at governmentsecurity.org, but unfortunately the forums are dead for quite some time. the second one still exists but honestly dont worth registering because there is almost never new content both at forums and front page of the site. I like a lot computer security and a few other computer related stuff like how to recover data when a sudden crash happens, how to become full user on Windows, new autostart methods, tips and tricks on file formats, what each program is able to do etc. (starting from Windows Vista, the SYSTEM user is not "god" anymore) Willing to post some private vulnerabilities found by myself but would like to know if it is allowed to post with a proof of concept that, for example, only runs calc or command prompt (cmd.exe but without commands of course). cheers.

sorry if it is the wrong place to write in english but since the site front page and forum name is in english I guess it is ok. When you have an undetected cryptor, never send to sites like VirusTotal, etc because they forward the file to AV companies and it will soon become detected, both the cryptor and the stub. The best thing to do is grabbing tools to monitor the behavior of programs and install a good firewall that also monitors programs behavior; one thing that seems to be detected by most AVs and firewalls is when an untrusted app tries to write or oeverwrite files in the system32 dir. The best firewalls is in my opinion are : Outpost Pro Comodo Pro. Antivirus: Kaspersky. If you are a security concerned person and very cautious you dont even need Antivirus, only firewalls like the ones above.

this may or may not freeze the computer. Crash is a term used when something freezes and then closes. like a denial of service (DOS). To avoid this kind of thing, disable the mailto: URL protocol and any other that the browser allows opening automatically. To crash a Windows computer, get the command line tool from Microsoft website called "pskill" . then simply run it as administrator and type "pskill csrss" ... boom, BSOD (Blue screen of death). ironically the tool´s suite (pstools) is updated from time to time by Microsoft. btw it was funny that the poster used a shortcut to an emoticon that is a face with a heart, so it looks like "mailto my love" haha.