All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)

From: Marc Maiffret (marcat_private)
Date: Mon Jun 18 2001 - 16:54:03 PDT

Next message: Michel Arboi: "Re: Antivirus scanner DoS with zip archives"

Previous message: Clinton Smith: "Microsoft Office XP and Outlook in HTML Format"
Next in thread: Stefan R.: "Re: All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)"
Reply: Stefan R.: "Re: All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I didnt want to spam you all with the full advisory but I thought you guys
might like Ryan Permehs note on wide character overflow exploitation. It is
in "The Exploit" section of our advisory.

He talks about it in our latest IIS .ida ISAPI overflow advisory:
http://www.eeye.com/html/Research/Advisories/AD20010618.html

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Web Application Firewall

Next message: Michel Arboi: "Re: Antivirus scanner DoS with zip archives"
Previous message: Clinton Smith: "Microsoft Office XP and Outlook in HTML Format"
Next in thread: Stefan R.: "Re: All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)"
Reply: Stefan R.: "Re: All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 10:22:30 PDT