Full Disclosure mailing list archives

Re: BO in http://rad.msn.com/ADSAdClient31.dll


From: Scott Edwards <supadupa () gmail com>
Date: Thu, 31 Mar 2005 05:53:39 -0700

On Mar 30, 2005 3:14 AM, jamie fisher <contact_jamie_fisher () yahoo co uk> wrote:
Link:  http://rad.msn.com/ADSAdClient31.dll 
  
Description:  Overflow a parameter's value 
  
Cause:  User input length is not limited thereby enabling buffer overflows 
  
Worst case:  Execute remote commands on the web server.  Under normal
circumstances this would require compromise of the server and its contents. 
Web application may not share its content.  Sylvia Saint may not let me have
free access to her private collection any more.  Bill may do the
same... 
  
Comment:  I've not run malicious code on the server.  Just noticed it was
vulnerable :-) 
  
[snip]

Please elaborate.  You've provided a url to what appears to be a
CGI/ISAPI resource.  Did you obtain the actual dll?  If so, how did
you analyze it?  Show us your findings.  This is *full* disclosure. 
We want to evaluate the same information you've used to make your
conclusion, so we may make our own.

Thank you,


Scott Edwards
-- 
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us

Don't reply to me, I read the list!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

