Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow

• Previous message: damdum: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• In reply to: MadHat: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Next in thread: Riley Hassell: "Re: IIS .ASP Remote Buffer Overflow [testing for vulnerable installations]"
• Next in thread: incubus: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Reply: Riley Hassell: "Re: IIS .ASP Remote Buffer Overflow [testing for vulnerable installations]"
• Reply: InterceptiX Security: "Re: Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey all,

M> I have not been able to reproduce these results.  I have managed to lock
M> up IIS (IIS 5.0 with all patches pre Apr 1, 2002), but no popup messages
M> appear and no entries in the Application Log.  I have also been able get
M> the 100 Continue message (IIS 4.0 all patches pre Apr 1, 2002), but
M> still no popup or messages.

rule of thumb : It locks up <==> Heap is corrupted <==> vulnerable

Cheers,
dullienat_private

-- 
Mit freundlichen Grüssen
dullienat_private                            mailto:dullienat_private

• Next message: Riley Hassell: "Re: IIS .ASP Remote Buffer Overflow [testing for vulnerable installations]"
• Previous message: damdum: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• In reply to: MadHat: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Next in thread: Riley Hassell: "Re: IIS .ASP Remote Buffer Overflow [testing for vulnerable installations]"
• Next in thread: incubus: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Reply: Riley Hassell: "Re: IIS .ASP Remote Buffer Overflow [testing for vulnerable installations]"
• Reply: InterceptiX Security: "Re: Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 14:19:10 PDT