Vulnerability Development mailing list archives
Question on new umpnpmgr wsprintfW buffer overflow
From: A A <hd78432 () yahoo com>
Date: Sat, 29 Oct 2005 08:36:40 -0700 (PDT)
I have downloaded the available exploit for the latest buffer overflow for umpnpmgr.dll available on the net. Running the code umpnp_poc.c compiled out of the box against a Windows XP SP1 box does not appear to do anything. I have attached windbg to the services process, and when I execute the code for the buffer overflow the debugger does not catch any exception. I have tried modifying event filters in windbg, but the program still does not break at any point.

I do not have much experience in working with RPC calls. The exploit attempts to connect to \\hostname\pipe\browser. According to eEye you need to connect to a different location than \pipe\browser. You need to connect to \pipe\ntsvcs (or a different location; you can see the post on their site), and reaching this area requires authentication.

Would it be possible for someone to modify this example exploit to show a working Win XP exploit? Could someone please point me in the direction of a paper that would explain how the RPC portion of this exploit works? I understand how to buffer overflow a program, but it looks like the example exploit isn't working in Windows XP. I need to figure out why, and I don't know enough about RPC to be able to figure out why this example exploit does not work in Windows XP.

If anyone has used windbg to debug a Windows process in the past to locate a buffer overflow, please let me know if any of the steps I have followed need to be changed. Any help greatly appreciated.
Current thread:
- Question on new umpnpmgr wsprintfW buffer overflow A A (Oct 31)