Bugtraq mailing list archives

Re: Windows NT Spooler Service.


From: Marc () EEYE COM (Marc)
Date: Sun, 7 Nov 1999 15:52:00 -0000


eEye is a full disclosure company but the blame must be pinned on me 'cause I
fumbled it up. I misplaced my information on the remote overflow and do
not remember exactly where it was. Hence no example exploit was in our
advisory like we try to do. Soon as I find it I will post it to Bugtraq.

Some information to keep you busy until then:
Look through the print spooler APIs for the word "pName"; any API with pName
most likely works remotely. Then check the API to see if it uses a structure.
The one that worked remotely had a structure you passed, with the overflow
being in the structure when it gets read in. That should cut down the search
a lot.

Signed,
Marc
eEye Digital Security Team
http://www.eEye.com

-----Original Message-----
From: Avri Schneider <avri () ABIRNET CO IL>
To: BUGTRAQ () SECURITYFOCUS COM <BUGTRAQ () SECURITYFOCUS COM>
Date: Sunday, November 07, 1999 10:21 PM
Subject: Windows NT Spooler Service.

|Hi,
|
|Could someone please give some more information on the *REMOTE* buffer
|overflows in the spooler service?
|Shouldn't this be a full disclosure list?
|
|Thanks,
|Avri.
|

