| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a53adc4605033104531d3b4780@mail.gmail.com> Date: Thu Mar 31 13:53:44 2005 From: supadupa at gmail.com (Scott Edwards) Subject: BO in http://rad.msn.com/ADSAdClient31.dll On Mar 30, 2005 3:14 AM, jamie fisher <contact_jamie_fisher@...oo.co.uk> wrote: > Link: http://rad.msn.com/ADSAdClient31.dll > > Description: Overflow a parameter's value > > Cause: User input length is not limited thereby enabling buffer overflows > > Worst case: Execute remote commands on the web server. Under normal > circumstances this would require compromise of the server and its contents. > Web application may not share its content. Sylvia Saint may not let me have > free free access to her private collection any more. Bill may do the > same... > > Comment: I've not run malicious code on the server. Just noticed it was > vulnerable :-) > [snip] Please elaborate. You've provided a url to what appears to be a CGI/ISAPI resource. Did you obtain the actual dll? If so, how did you analyze it? Show us your findings. This is *full* disclosure. We want to evaluate the same information you've used to make your conclusion, so we may make our own. Thank you, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us Don't reply to me, I read the list!
Powered by blists - more mailing lists