Vulnerability Development mailing list archives

Re: Windows Explorer still vulnerable to ftp request buffer overflow


From: Rio Martin <root () VBME NET>
Date: Thu, 22 Feb 2001 10:22:58 +0700

IE version 5.00.2919.6700
I am running my own FTPD, and I try
ftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa in browser,
but cannot reproduce it just like you said.
I am sure that this could be the FTP client or FTPD under Windows that
is vulnerable to buffer overflow.

Rio Martin.
www.marsudirinibekasi.org




----- Original Message -----
From: ByteRage
To: VULN-DEV () SECURITYFOCUS COM
Sent: Thursday, February 22, 2001 01:49
Subject: Windows Explorer still vulnerable to ftp request buffer overflow


Systems affected : Windows systems with Internet
Explorer 5.0 & 5.5
Original bug report for Internet Explorer 5.0 by :
Shane Hird

I recently found that Windows (Internet) Explorer is
vulnerable to a buffer overflow when browsing to a
URL like :
ftp://ftphost.com/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/

(in this case ftphost.com signifies an ftp host the
system can login to, it could also be in the form
user:password@ftphost)

This buffer overflow can also be exploited via HTML
tags like <A HREF="insert URL here">CLICKME</A>
or JavaScript source like : <SCRIPT>location="insert
URL here";</SCRIPT>

The initial bug report on this issue was already
written by Shane Hird for IE5.0, but the bug still
seems to persist on Internet Explorer 5.5
(5.50.4134.0600) systems, as Internet Explorer is
still using the vulnerable version (5.00.2134.1000) of
MSIEFTP.DLL.

The buffer overflow doesn't seem to be easily
exploited, making this a low security risk
nonetheless.

======================================================
[ByteRage] <byterage () yahoo com> [www.byterage.cjb.net]
======================================================
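
A defensive check for the trigger described in the report (an ftp:// URL with a very long path component, reachable through an HREF or a script `location` assignment), given here as an added example that is not part of the original messages. The threshold `MAX_SEGMENT`, the function names and the sample hosts are assumptions; the post does not state the length at which the overflow occurs.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed threshold: the post gives no overflow length, so this limit is a
# tunable placeholder for a mail/proxy content filter, not a measured boundary.
MAX_SEGMENT = 128

# ftp:// URLs as they appear in href attributes or script assignments;
# the match stops at quotes, whitespace and angle brackets.
FTP_URL = re.compile(r"ftp://[^\s\"'<>]+", re.IGNORECASE)

def longest_segment(url):
    """Length of the longest path segment after percent-decoding."""
    path = urlsplit(url).path
    return max(len(unquote(seg)) for seg in path.split("/"))

def flag_ftp_urls(html, limit=MAX_SEGMENT):
    """Return (host, longest_segment_length) for each overlong ftp URL."""
    findings = []
    for match in FTP_URL.finditer(html):
        url = match.group(0)
        try:
            length = longest_segment(url)
            # hostname excludes any user:password@ prefix, so embedded
            # credentials are not copied into the report.
            host = urlsplit(url).hostname
        except ValueError:
            continue  # malformed authority (e.g. broken IPv6 literal)
        if length > limit:
            findings.append((host, length))
    return findings

# Constructed sample page, not taken from the post.
SAMPLE = (
    '<a href="ftp://ftp.example.com/pub/readme.txt">docs</a>\n'
    '<A HREF="ftp://user:pw@ftp.example.net/' + "a" * 300 + '/">CLICKME</A>\n'
    '<script>location="ftp://ftp.example.org/' + "%61" * 200 + '/";</script>\n'
)

if __name__ == "__main__":
    for host, length in flag_ftp_urls(SAMPLE):
        print(f"overlong ftp path segment: host={host} length={length}")
```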


