Full Disclosure mailing list archives
MDG Web Server 4D 3.6.0 Buffer Overflow
From: "tom ferris" <badpack3t () security-protocols com>
Date: Wed, 30 Apr 2003 23:16:07 -0400 (EDT)
SP Research Labs Advisory x05 ----------------------------- www.security-protocols.com Product - MDG Web Server 4D 3.6.0 Buffer Overflow Download it here: ftp://ftp.mdg.com/demos/WS4D/Win/WS4D_3.6.0_Full.exe Date Released - 04/30/2003 Release Mode Vendor was notified on 04/27/2003. The vendor did not give me a date for the updated version. ------------------------------ Product Description from the vendor - A full featured web server with an integrated database for publishing your databases on the web for MacOS and WindowsNT. ------------------------------- Vulnerability Description - A buffer overflow vulnerability exists within MDG Web Server 4D 3.6.0. By doing a GET / with 4096 <s will cause the web server to crash. Once the malicious payload has been sent, the web server will crash giving a runtime error. This vulnerability is remotely exploitable. Exploit is attached for your pleasure. Advisory Link http://www.security-protocols.com/article.php?sid=1493&mode=thread&order=0 Tested on: Windows XP Pro SP1 Windows 2000 SP3 ------------------------------- peace out, ------------------------------- badpack3t www.security-protocols.com -------------------------------
Attachment:
sp-ws4d.c
Description:
Current thread:
- MDG Web Server 4D 3.6.0 Buffer Overflow tom ferris (Apr 30)