BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY

From: ][-][UNTER (lophtat_private)
Date: Wed Feb 27 2002 - 02:00:39 PST

Next message: Ed Moyle: "mod_ssl Buffer Overflow Condition (Update Available)"

Previous message: 3APA3A: "LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup"
Next in thread: Alun Jones: "Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY"
Reply: Alun Jones: "Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Bugtraq !!


BPM STUDIO PRO 4.2 is one of the most famous mp3 mixer and player and it has
an http server implementation for manage the player via the web browser.

Unfortunatly, when you perform a simple http request like:
http://BPM-HOST/con/con
you can crash instantly non-patched Win9x host with a simple Blue Screen !!

HTTP daemon is not activated by default

bye bye

-----------------------------------------------
               ][-][UNTER
Infobyte Security Research Crew
       Buenos Aires, Argentina
-----------------------------------------------

Next message: Ed Moyle: "mod_ssl Buffer Overflow Condition (Update Available)"
Previous message: 3APA3A: "LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup"
Next in thread: Alun Jones: "Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY"
Reply: Alun Jones: "Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 15:49:25 PST