MFC Overflow Test Code

From: Matthew Murphy (mattmurphyat_private)
Date: Fri Jul 12 2002 - 16:53:30 PDT

  • Next message: jaehnelat_private: "RE: MacOS X SoftwareUpdate Vulnerability"

    I have been working on a piece of test code for the MFC
    buffer overflow reported in BID 5188.  The code has now
    been completed.
    
    The exploit is simply a DoS exploit that will overwrite heap
    data in a vulnerable ISAPI with 0x41 characters ('A').
    
    The overwritten data contains pointers accessed by MFC42.DLL,
    usually resulting in an access violation.
    
    Exploit Code: http://www.murphy.101main.net/mfcisapi.c
    Advisory: http://www.murphy.101main.net/vulns/2002-12.shtml
    
    "The reason the mainstream is thought
    of as a stream is because it is
    so shallow."
                         - Author Unknown
    



    This archive was generated by hypermail 2b30 : Fri Jul 12 2002 - 19:16:35 PDT