To know how winhlp32 can be exploited, read http://www.cerberus-infosec.co.uk/wpwhlpbuf.html . It's a fairly simple concept, easy reading.

Mind Booster Noori

On Sat, 22 Mar 2003, K. K. Mookhey wrote:

> Hi,
>
> On a related note, we had reported the following local BOs to MS. But since neither they nor we could come up with any remote exploits for this, I guess members on this list could check it out. Some of these do not work on Win2K SP3, but do work on earlier versions.
>
> First:
> C:\>regsvr32 AAAAAAA...(1300 times)
>
> Second:
> C:\>winhlp32 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaa.exe
> This one crashes only at a particular value of A's, not if it's any more or if it's any less.
>
> Again, unless any of these runs with elevated privileges, or someone feeds in data remotely to these exes, the buffer overflows do not represent a security risk.
>
> K. K. Mookhey
> CTO,
> Network Intelligence India Pvt. Ltd.
> Web: www.nii.co.in
> =================================
> Security Auditing Handbooks
> http://www.nii.co.in/research/handbook.html
> =================================
>
>
> ----- Original Message -----
> Hi List,
>
> Can you do anything interesting with this?:
>
> C:\>nslookup
> Default Server: dns.server.net
> Address: 111.222.333.444
>
> > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> Gives error: memory can't be "read" - 0x414141 (aka A).

--
===============================================================================
Marcos Marado AKA Mind Booster Noori
===============================================================================
My PGP key: http://student.dei.uc.pt/~marado/pgp.txt
Visit Mordor's (my band) WebPage on: http://www.mordor.freeurl.com
Mail me to: maradoat_private
===============================================================================
Don't get to bragging.
This archive was generated by hypermail 2b30 : Mon Mar 24 2003 - 10:22:23 PST