----- Original Message ----- From: <foobat_private> To: <supergateat_private> Cc: <vuln-devat_private> Sent: Friday, November 02, 2001 11:36 AM Subject: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) > (excuse the formatting, damn cmd.exe cut n paste sucks). > > "The instruction at "0x........" referenced memory at "0x41414141". > > Maybe a heap overflow. Probably usable to run code. Pointless-factor-10. > As far as i can tell, the remote server doesnt need to exist - it crashes > before the network is used. i made some test sending string from the server to the client and nothing.... so i guess its more useless than before > One possible non-pointless use of such client overflows could be if you > can remotely run commands on a machine, say through IIS, but not > upload code. You could use this with some payload to execute > arbitrary code. Probably. yes this is obiuvsly possible supergate.
This archive was generated by hypermail 2b30 : Fri Nov 02 2001 - 09:30:48 PST