ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)

["Matthew Murphy" <mattmurphy () kc rr com>]

ALERT: Working Resources BadBlue #2
Vendor Notified: July 8, 2002

Working Resources have been informed of a
pair of denial of service conditions in
the BadBlue PWS.

The first vulnerability lies in the way a
GET request is handled.  A specially
crafted GET request can crash the target
server.

Also, a remotely exploitable overflow was
found in an ISAPI that ships with the
server.  Exploitation of this vulnerability
will cause an access violation, and does
not seem to allow code execution.

Additional technical details will be made
available as fixes are released for the
vulnerabilities in question.

Alert Published July 8, 2002

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown