eEye is a full disclosure company, but the blame must be pinned on me because I fumbled it up. I misplaced my information on the remote overflow and do not remember exactly where it was. Hence no example exploit was in our advisory like we try to do. Soon as I find it I will post it to bugtraq.

Some information to keep you busy until then: Look through the print spooler APIs for the word "pName". Any API with pName most likely works remote. Then check the API to see if it uses a structure. The one that worked remotely had a structure you passed, with the overflow being in the structure when it gets read in. That should cut down the search a lot.

Signed,
Marc
eEye Digital Security Team
http://www.eEye.com

-----Original Message-----
From: Avri Schneider <avriat_private>
To: BUGTRAQat_private <BUGTRAQat_private>
Date: Sunday, November 07, 1999 10:21 PM
Subject: Windows NT Spooler Service.

|Hi,
|
|Could someone please give some more information on the *REMOTE* buffer overflows in the spooler service?
|Shouldn't this be a full disclosure list?
|
|Thanks,
|Avri.
|