Re: BO in http://rad.msn.com/ADSAdClient31.dll

[Dan Becker <geggam () gmail com>]

several times when accessing hotmail while running linux that dll was
pushed at me

here is a copy of one 

http:///www.bsdnixsolutions.com/ADSAdClient31.dll

<!--NOAD--><img src="http://global.msads.net/ads/defaultads/TR.gif?C=C&E=12&N=A0
3"/>

is all it contained

On Thu, 31 Mar 2005 05:53:39 -0700, Scott Edwards <supadupa () gmail com> wrote:
> On Mar 30, 2005 3:14 AM, jamie fisher <contact_jamie_fisher () yahoo co uk> wrote:
> > Link:  http://rad.msn.com/ADSAdClient31.dll
> >
> > Description:  Overflow a parameter's value
> >
> > Cause:  User input length is not limited thereby enabling buffer overflows
> >
> > Worst case:  Execute remote commands on the web server.  Under normal
> > circumstances this would require compromise of the server and its contents.
> > Web application may not share its content.  Sylvia Saint may not let me have
> > free free access to her private collection any more.  Bill may do the
> > same...
> >
> > Comment:  I've not run malicious code on the server.  Just noticed it was
> > vulnerable :-)
> [snip]
>
> Please elaborate.  You've provided a url to what appears to be a
> CGI/ISAPI resource.  Did you obtain the actual dll?  If so, how did
> you analyze it?  Show us your findings.  This is *full* disclosure.
> We want to evaluate the same information you've used to make your
> conclusion, so we may make our own.
>
> Thank you,
>
> Scott Edwards
> --
> Daxal Communications - http://www.daxal.com
> Surf the USA - http://www.surfthe.us
>
> Don't reply to me, I read the list!
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/