Buffer Overflow in Microsoft Visual C++ Debugger

From: a b (p0pt4rtzat_private)
Date: Sun May 12 2002 - 02:02:46 PDT


    Hey all,
    Found another noteworthy overflow. I don't know the potential capabilities of 
    this overflow. But what the hell, I'll send it in anyways :)
    
    Here are the steps to replicate this problem.
    1.) Open up MSDEV
    2.) Load up a sample program. For this let's load C:\winnt\system32\net1.exe
    3.) When it's loaded press Alt+F7.
    4.) Go to the debug tab.
    5.) In the arguments type "send localhost Ax3000" (Send a lot. Probably 
    around 3000 or so. I haven't narrowed the buffer down yet.)
    6.) Click OK and execute the program by CTRL+F5.
    7.) The net1.exe should heap overflow (just like how I found before).
    8.) Exit net1.exe and then press F5 in MSDEV.
    9.) Wait a couple seconds and then gape at its nice overflow.
    
    For mine I send char 'x'. Just cause I like x: The instruction at 
    "0x73e2c22d" referenced memory at "0x78787878". The memory could not be 
    "read".
    
    Nice isn't it?
    I'll investigate it more after I am done investigating the heap overflow in 
    net.exe.
    If you're interested in researching this feel free to. I'd just like credit 
    for finding it :)
    
    Have fun,
    p0p t4rtz
    p0pt4rtzat_private
    Netcrash Security Research
    http://www.netcrash.wronger.com
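The crash message quoted in the post is the kind of thing a triager reads first: a faulting address of 0x78787878 is four copies of the byte 'x', the filler the tester sent, which is the usual sign that the input overwrote a pointer rather than that the program tripped over a stray NULL. The following is an added example, not code from the post or from anyone at Netcrash; it assumes only the wording of the Windows access-violation dialog as quoted above, and the sample message below is constructed for the demonstration.

```python
import re

# Constructed sample: an access-violation message in the form quoted in the post,
# whose faulting address consists entirely of the byte 0x78 ('x').
SAMPLE_MESSAGE = ('The instruction at "0x73e2c22d" referenced memory at '
                  '"0x78787878". The memory could not be "read".')

# Matches the Windows access-violation dialog text (assumed format, per the post).
_PATTERN = re.compile(
    r'The instruction at "0x([0-9a-fA-F]+)" referenced memory at '
    r'"0x([0-9a-fA-F]+)"\. The memory could not be "(read|written)"')


def parse_access_violation(message):
    """Return (instruction_address, fault_address, access_kind) parsed from the
    dialog text, or None when the text does not match the expected form."""
    m = _PATTERN.search(message)
    if not m:
        return None
    return int(m.group(1), 16), int(m.group(2), 16), m.group(3)


def address_as_bytes(addr, width=4):
    """Little-endian byte view of a 32-bit address, i.e. the bytes as they sat
    in memory before being loaded into a register."""
    return addr.to_bytes(width, "little")


def looks_input_controlled(addr, filler, width=4):
    """True when every byte of the faulting address equals the filler byte the
    tester supplied, which indicates the pointer was overwritten with input.
    A uniform filler cannot say *which* part of the input landed there."""
    return address_as_bytes(addr, width) == bytes([filler]) * width


def triage(message, filler):
    """Summarise an access-violation message for a crash report."""
    parsed = parse_access_violation(message)
    if parsed is None:
        return {"parsed": False}
    ip, fault, kind = parsed
    return {
        "parsed": True,
        "instruction": f"0x{ip:08x}",
        "fault_address": f"0x{fault:08x}",
        # Decoded as latin-1 so every byte maps to exactly one character.
        "fault_bytes": address_as_bytes(fault).decode("latin-1"),
        "access": kind,
        "input_controlled": looks_input_controlled(fault, filler),
    }


if __name__ == "__main__":
    # The post's filler was the character 'x'.
    print(triage(SAMPLE_MESSAGE, ord("x")))
```

Run against the sample, `triage` reports `fault_bytes == "xxxx"` and `input_controlled == True`; a message whose faulting address is something like 0x00000004 comes back `input_controlled == False`, which points at an ordinary null-pointer dereference instead. Feeding a non-uniform pattern rather than a single repeated byte is the next step if one wants to learn which offset in the argument string ended up in the pointer.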
    
    
    



    This archive was generated by hypermail 2b30 : Sun May 12 2002 - 08:59:14 PDT