A denial of service exists in counter.exe version 2.70, a fairly popular webhit counter used on the Win32 platform with web servers such as IIS and WebSite Pro. There are two different bugs: 1) When someone requests : http://no-such-server-really/scripts/counter.exe?%0A this will create an entry in counter.log of a blank line then a ",1" . If the person then refreshes their browser and requests it again you get an Access Violation in counter.exe - the instruction at 0x00414c0a referenced memory at 0x00000000. 2) When someone requests: http://no-such-server-really/scripts/counter.exe?AAAAAover-2200-As you get a similar problem - though not a buffer overrun. Whilst in a state of "hanging" all other vaild requests for counter are queued and not dealt with until someone goes to the console and okays the AV messages. Added to this memory can be consumed if the page is continuosly requested. I mailed the author twice about this but as I have received no response I have nothing left to do but send this on. Cheers, David Litchfield http://www.infowar.co.uk/mnemonix http://www.arca.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:07 PDT