rundll32.exe buffer overflow

From: Rick (rikulat_private)
Date: Sun Jul 06 2003 - 11:42:42 PDT


Hi,

There is a buffer overflow in rundll32.exe when it is passed a big string as
the routine name for a module. I've tested this on Windows XP SP1, but other
versions of Windows might be vulnerable.

    rundll32.exe advpack32.dll,<'A'x499>

advpack32.dll is just an example. Any executable/DLL will work. The
cmdline does get converted to UNICODE, and EIP ends up being 00410041.

-

Rick Patel
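As an added detection example, not part of Rick's post: a Python check that parses rundll32 command lines from process-creation records and flags an entry-point argument that is implausibly long or a single repeated character, the shape of the trigger described above. The 64-character threshold, the "<timestamp> <command line>" record format and the sample records are assumptions constructed for the example.

```python
import re

# Constructed sample process-creation records (not from the original post),
# one "<timestamp> <command line>" per line.
SAMPLE_LOG = [
    "2003-07-06T11:40:01 rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
    "2003-07-06T11:40:02 rundll32.exe advpack32.dll," + "A" * 499,
    '2003-07-06T11:40:03 "C:\\Windows\\System32\\rundll32.exe" "C:\\Program Files\\app\\x.dll",Entry arg',
    "2003-07-06T11:40:04 notepad.exe notes.txt",
]
MAX_ENTRY_LEN = 64  # assumed threshold: genuine export names are short identifiers

# Executable token (bare name, path or quoted path), then the rest of the line.
EXE_RE = re.compile(
    r'^\s*(?:"(?:[^"]*[\\/])?rundll32(?:\.exe)?"|(?:[^\s"]*[\\/])?rundll32(?:\.exe)?)\s+(?P<rest>.*)$',
    re.IGNORECASE,
)
# rundll32 syntax: <module>,<entrypoint> [args]; the module may be quoted.
ARG_RE = re.compile(r'^(?:"(?P<qmod>[^"]*)"|(?P<mod>[^\s,"]+))\s*,\s*(?P<entry>\S+)')


def parse_rundll32(cmdline):
    """Return (module, entry_point) for a rundll32 command line, else None."""
    m = EXE_RE.match(cmdline)
    if not m:
        return None
    a = ARG_RE.match(m.group("rest"))
    if not a:
        return None  # rundll32 launched without a module,entry pair
    return (a.group("qmod") or a.group("mod"), a.group("entry"))


def check_rundll32(cmdline, max_len=MAX_ENTRY_LEN):
    """Describe why the entry-point argument looks like overflow filler, or None."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return None
    module, entry = parsed
    reasons = []
    if len(entry) > max_len:
        reasons.append(f"entry point length {len(entry)} exceeds {max_len}")
    if len(entry) >= 8 and len(set(entry)) == 1:
        reasons.append("entry point is one repeated character")
    return (f"{module}: " + "; ".join(reasons)) if reasons else None


def scan_log(lines):
    """Run the check over '<timestamp> <command line>' records; return the hits."""
    records = (line.partition(" ") for line in lines)
    return [(ts, f) for ts, _, cmd in records if (f := check_rundll32(cmd))]
```

Only the second constructed record is reported; the quoted module path with spaces and the ordinary Control_RunDLL invocation parse cleanly and pass.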
    This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 13:15:20 PDT