MFC Overflow Test Code

From: Matthew Murphy (mattmurphyat_private)
Date: Fri Jul 12 2002 - 16:53:30 PDT

Next message: jaehnelat_private: "RE: MacOS X SoftwareUpdate Vulnerability"

Previous message: Chris Wysopal: "Re: MFC ISAPI Framework Buffer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have been working on a piece of test code for the MFC
buffer overflow reported in BID 5188.  The code has now
been completed.

The exploit is simply a DoS exploit that will overwrite heap
data in a vulnerable ISAPI with 0x41 characters ('A').

The overwritten data contains pointers accessed by MFC42.DLL,
usually resulting in an access violation.

Exploit Code: http://www.murphy.101main.net/mfcisapi.c
Advisory: http://www.murphy.101main.net/vulns/2002-12.shtml

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown

Next message: jaehnelat_private: "RE: MacOS X SoftwareUpdate Vulnerability"
Previous message: Chris Wysopal: "Re: MFC ISAPI Framework Buffer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 12 2002 - 19:16:35 PDT