Vulnerability Development mailing list archives
Re: dvwssr.dll (Has anyone verified whether is is valid?)
From: marc () EEYE COM (Marc)
Date: Sat, 15 Apr 2000 10:56:43 -0700
If the server is crashing then we should be executing as SYSTEM ... much like the .htr ISAPI overflow. So that basically means if you have execute access to dvwssr.dll the server can be bent over and welll ... its not good. Signed, Marc eEye Digital Security http://www.eEye.com ----- Original Message ----- From: Blue Boar <BlueBoar () THIEVCO COM> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Saturday, April 15, 2000 9:53 AM Subject: Re: dvwssr.dll (Has anyone verified whether is is valid?) | Marc wrote: | > | > <snip> | > | What normal/valid purpose does the dvwssr.dll have? | > | > Nothing really. You don't need it. | > | | Here's a hint from one of the MS advisories: | | ===== | Dvwssr.dll is a server-side component used to support the Link View | feature in Visual Interdev 1.0. However, it contains an unchecked | buffer. If overrun with random data, it could be used to cause an | affected server to crash. | | BB |
Current thread:
- Has anyone verified whether is is valid? M J (Apr 14)
- Re: Has anyone verified whether is is valid? Joe (Apr 14)
- Re: Has anyone verified whether is is valid? Ron DuFresne (Apr 14)
- Re: Has anyone verified whether is is valid? Ryan Permeh (Apr 14)
- Re: Has anyone verified whether is is valid? Maxime Rousseau (Apr 14)
- <Possible follow-ups>
- Re: Has anyone verified whether is is valid? Hugo Gayosso (Apr 14)
- Re: Has anyone verified whether is is valid? Marc (Apr 14)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Blue Boar (Apr 14)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Marc (Apr 14)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Blue Boar (Apr 15)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Marc (Apr 15)
- Re: dvwssr.dll (Has anyone verified whether is is valid?) Blue Boar (Apr 14)
- Oulook password Hap2782 (Apr 15)
- Re: Oulook password Blue Boar (Apr 15)
- [Fwd: R: Oulook password] Blue Boar (Apr 15)