Vulnerability Development mailing list archives
Re: Windows Explorer still vulnerable to ftp request buffer overflow
From: Rio Martin <root () VBME NET>
Date: Thu, 22 Feb 2001 10:22:58 +0700
IE version 5.00.2919.6700 I am running my own FTPD, and i try ftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa in browser. but cannot reproduce just like you said. I am sure that this is could be FTP Client or FTPD under Windows that vulnerable to buffer overflow. Rio Martin. www.marsudirinibekasi.org ----- Original Message ----- From: ByteRage To: VULN-DEV () SECURITYFOCUS COM Sent: Thursday, February 22, 2001 01:49 Subject: Windows Explorer still vulnerable to ftp request buffer overflow Systems affected : Windows systems with Internet Explorer 5.0 & 5.5 Original bug report for Internet Explorer 5.0 by : Shane Hird I recently found that windows (internet) explorer is vulnerable to a buffer overflow when browsing to an URL like : ftp://ftphost.com/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/ (in this case ftphost.com signifies an ftp host the system can login to, it could also be in the form user:password@ftphost) This buffer overflow can also be exploited via html tags like <A HREF="insert URL here">CLICKME</A> or javascript source like : <SCRIPT>location="insert URL here";</SCRIPT> The initial bug report on this issue was already written by Shane Hird for IE5.0, but the bug still seems to persist on Internet Explorer 5.5 (5.50.4134.0600) systems, as internet explorer is still using the vulnerable version (5.00.2134.1000) of MSIEFTP.DLL. The buffer overflow doesnt seem to be easily exploited, making this a low security risk nonetheless. ====================================================== [ByteRage] <byterage () yahoo com> [www.byterage.cjb.net] ====================================================== __________________________________________________ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/
Current thread:
- Windows Explorer still vulnerable to ftp request buffer overflow ByteRage (Feb 21)
- Re: Windows Explorer still vulnerable to ftp request buffer overflow Rio Martin (Feb 22)