Bugtraq mailing list archives
Re: [VulnWatch] CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities
From: "wirepair" <wirepair () roguemail net>
Date: Tue, 12 Oct 2004 16:43:38 -0800
You missed the SEARCH IN <request> vector. I believe it calls the same heap alloc from STATXMEM.dll I was having some issues with the string becoming unicoded, but just yesterday I got an ascii overwrite (in the debugger only tho :/). Oh well looks like you snuffed the bug I was working on in the process :). Obviously MS fixed this bug in the recent patch. Another thing to note, when requesting ('s I noticed that an internal function was matching my ( with a ) since they were using lstrcpy it totally smashed the heap structures when it became unicode'd. But they appeared to fix that as well. -wire On Tue, 12 Oct 2004 15:48:49 -0300 CORE Security Technologies Advisories <advisories () coresecurity com> wrote:
Core Security Technologies Advisory http://www.coresecurity.com IIS NNTP Service XPAT Command Vulnerabilities
-- Visit Things From Another World for the best comics, movies, toys, collectibles and more. http://www.tfaw.com/?qt=wmf
Current thread:
- CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities CORE Security Technologies Advisories (Oct 12)
- Re: [VulnWatch] CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities wirepair (Oct 15)