Vulnerability Development mailing list archives
Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability
From: "Gary O'leary-Steele" <garyo () sec-1 com>
Date: Fri, 27 Sep 2002 14:47:23 +0100
Hello all, I am looking for details on the recent "Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability" the advisory is a bit vague and I can't work out the format of the request required to reproduce the overflow. Ive tried the usual http://target/null.shtml?AAAA<large_buffer>AAAA=x http://target/AAAA<large_buffer>AAAA.shtml etc but to no avail. I need this to update our IDS system and to write exploit code for the vulnerability (which I will share). Any help is greatly appreciated Kind Regards Gary
Current thread:
- Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability Gary O'leary-Steele (Sep 27)