Full Disclosure mailing list archives
upnphost null pointer fun
From: ned <nd () felinemenace org>
Date: Sun, 7 Nov 2004 21:31:11 -0800 (PST)
unlike my other recent posts, i will be revealing bug information which is NOT exploitable. i hope. i think they're properly diagnosed. i think.

in the upnphost module, which is the windows UPNP service (http://upnp.org), there are a couple of null pointer exceptions. i named them 'upnp1' and 'upnp2' and POC code is available at http://felinemenace.org/~nd/upnp/

a quick demo using dumbug (http://phenoelit.de):

(cmdline 'python upnp1.py')
Debugger [INFO] Access violation at 5AFDDF5C
Tracer [WARNING] AccessViolation EIP = 5AFDDF5C while reading from 00000002
Tracer [WARNING] E_AccessViolation: Offending access not in mapped memory?

(cmdline 'python upnp2.py')
Debugger [INFO] Access violation at 5AFD7FEC
Tracer [WARNING] AccessViolation EIP = 5AFD7FEC while reading from 00000000
Tracer [WARNING] E_AccessViolation: Offending access not in mapped memory?

completely useless of course, does not even stop the UPNP service or lock up svchost. dumbug is pretty cool though when screenshots just won't do!

- nd

--
http://felinemenace.org/~nd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html