Vulnerability Development mailing list archives

All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)

From: "Marc Maiffret" <marc () eeye com>
Date: Mon, 18 Jun 2001 16:54:03 -0700

I didnt want to spam you all with the full advisory but I thought you guys
might like Ryan Permehs note on wide character overflow exploitation. It is
in "The Exploit" section of our advisory.

He talks about it in our latest IIS .ida ISAPI overflow advisory:
http://www.eeye.com/html/Research/Advisories/AD20010618.html

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Web Application Firewall

Current thread:

All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access) Marc Maiffret (Jun 19)
- Re: All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access) Stefan R. (Jun 20)