WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

w3wp remote DoS

From: "Debasis Mohanty" <debasis () hackingspirits com>
Date: Wed, 22 Mar 2006 07:54:22 +0530
Sorry, if you are receiving multiple copies of it. Just resending as the one
that I sent last night has not yet appeared.

w3wp remote DoS due to improper reference of STA COM components in ASP.NET
===========================================================================

Vendor: Microsoft Corporation
MSRC (Microsoft Security Response Center) Case No: MSRC 6367sd Product Info:
IIS Worker Process (w3wp)

I. BACKGROUND
Early last year while I was trying out few canonicalization attacks on sites
running asp.net applications, I came across an un-expected remote DoS
against the worker process (i.e. w3wp). As the frequency of success was
*random*, I didn't took much interest in it. However during one more test in
my home lab, I was able to reproduce the same w3wp crash again (almost with
7 out of 10 success ratio) which is why I thought of debugging and
investigating more on this issue.

After working for more than one month with Microsoft (MSRC) on this issue,
it is finally concluded that the crash can occur un-expectedly and is due to
improper reference of COM or COM+ in the asp.net applications. Often
developers forget to use the AspCompat directive which is required while
referencing COM components in ASP.NET. Below are the links which provides
the insight on the appropriate usage of AspCompat :
http://msdn2.microsoft.com/en-us/library/zwk9h2kb.aspx
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/
dbgch04.asp


II.     PROOF-OF-CONCEPT
The exploit code and the PoC details can be downloaded from the following
link:
http://hackingspirits.com/vuln-rnd/vuln-rnd.html

Regards,
Debasis Mohanty



-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: