Vulnerability Development mailing list archives
Buffer Overflow in Microsoft Visual C++ Debugger
From: "a b" <p0pt4rtz () hotmail com>
Date: Sun, 12 May 2002 02:02:46 -0700
Hey all,Found another noteworthy overflow. I don't know the potential capabilties of this overflow. But what the hell, I'll send it in anyways :)
Here are the steps to replicate this problem. 1.) Open up MSDEV 2.) Load up a sample program. For this lets load C:\winnt\system32\net1.exe 3.) When it's loaded press Alt+F7. 4.) Go to the debug tab.5.) In the arguments type "send localhost Ax3000" (Send a lot. Probably around 3000 or so. I haven't narrowed the buffer down yet.)
6.) Click OK and execute the program by CTRL+F5. 7.) The net1.exe should heap overflow (just like how I found before). 8.) Exit net1.exe and then press F5 in MSDEV. 9.) Wait a couple seconds and then gape at it's nice overflow.For mine I send char 'x'. Just cause I like x: The instruction at "0x73e2c22d" referenced memory at "0x78787878". The memory could not be "read".
Nice isn't it?I'll investigate it more after I am done investigating the heap overflow in net.exe. If your interested in researching this feel free to. I'd just like credit for finding it :)
Have fun, p0p t4rtz p0pt4rtz () hotmail com Netcrash Security Research http://www.netcrash.wronger.com _________________________________________________________________MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
Current thread:
- Buffer Overflow in Microsoft Visual C++ Debugger a b (May 12)