Bugtraq mailing list archives
Re: NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
From: Berend-Jan Wever <skylined () edup tudelft nl>
Date: 19 Apr 2002 17:34:18 -0000
Hello!

I believe this vulnerability can be exploited remotely because a browser like IE can remotely be redirected to the UNC path or made to open a file in a UNC path. The following pieces of code can be in an HTML page on the web or in an HTML email/newsgroup message:

<IFRAME src="\\ip\sharename\......."></IFRAME>
or
<IMG src="\\ip\sharename\.......">
or
<SCRIPT src="\\ip\sharename\......."></SCRIPT>
...etc...

Any user that visits the page or reads the message will locally try to open the page, and thus allow the vulnerability to be exploited.

TO NSFOCUS: I have tried to reproduce the bug on my win 2000 system using the above tags in an HTML page in IE 6.0 but all I got was an 'invalid pointer' error. Also, I have tried to reply to you directly but the email bounced. Please give me some more information on how to produce the bug so I can do some testing on the remote exploit or test the scenario explained above yourself.

Kind regards,
Berend-Jan Wever

(I am replying this late because I'm having trouble posting to bugtraq through email and finally gave up and did it online at the site.)
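For defenders, the delivery path described in the message above (HTML that references a UNC path) can be checked for at a mail or web gateway. The following is an added example, not part of the original post: the function names, the attribute list and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that make a client fetch a resource (assumed list, not exhaustive).
URL_ATTRS = {"src", "href", "background", "data", "codebase"}

def unc_target(value):
    """Return the remote host if value is a UNC-style reference, else None."""
    v = value.strip()
    if v.startswith("\\\\"):                      # \\host\share\...
        rest = v[2:]
    elif v.lower().startswith("file:"):           # file://host/... or file:////host/...
        body = v[5:].replace("\\", "/")
        slashes = len(body) - len(body.lstrip("/"))
        if slashes not in (2, 4, 5):              # file:///C:/... is a local path
            return None
        rest = body.lstrip("/").replace("/", "\\")
    else:                                         # //host/x is protocol-relative HTTP
        return None
    host = rest.split("\\", 1)[0]
    if host.lower() in ("", "?", ".", "localhost"):  # device paths and local host
        return None
    return host

class UNCFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in URL_ATTRS and (host := unc_target(value)):
                self.hits.append((tag, name, host, value))

def find_unc_refs(html):
    """List (tag, attribute, host, raw value) for every UNC reference found."""
    finder = UNCFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample; 192.0.2.10 is a documentation address, not from the post.
SAMPLE = r'''<html><body>
<IFRAME src="\\192.0.2.10\sharename\page.htm"></IFRAME>
<IMG src="file://192.0.2.10/sharename/pic.gif">
<SCRIPT src="//cdn.example.com/app.js"></SCRIPT>
<a href="file:///C:/local/readme.txt">local</a>
</body></html>'''

if __name__ == "__main__":
    for tag, attr, host, value in find_unc_refs(SAMPLE):
        print(f"<{tag} {attr}> -> host {host}, {len(value)} chars")
```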