Re: NSLOOKUP.EXE

From: Marcos D. Marado Torres (maradoat_private)
Date: Mon Mar 24 2003 - 04:32:32 PST


    To know how winhlp32 can be exploited, read http://www.cerberus-infosec.co.uk/wpwhlpbuf.html .
    It's a fairly simple concept, easy reading.
    
    Mind Booster Noori
    
    On Sat, 22 Mar 2003, K. K. Mookhey wrote:
    
    > Hi,
    >
    > On a related note, we had reported the following local BOs to MS. But since neither they nor we could come up with any remote exploits for this, I guess members on this list could check it out. Some of these do not work on Win2K SP3, but do work on earlier versions.
    >
    > First:
    > C:\>regsvr32 AAAAAAA...(1300 times)
    >
    > Second:
    > C:\>winhlp32 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    > aaaaaaaaaaaaaaaaaaaaa.exe
    > This one crashes only at a particular value of A's, not if it's any more or if it's any less.
    >
    > Again, unless any of these runs with elevated privileges, or someone feeds in data remotely to these exes, the buffer overflows do not represent a security risk.
    >
    > K. K. Mookhey
    > CTO,
    > Network Intelligence India Pvt. Ltd.
    > Web: www.nii.co.in
    > =================================
    > Security Auditing Handbooks
    > http://www.nii.co.in/research/handbook.html
    > =================================
    >
    >
    >
    > ----- Original Message -----
    > Hi List,
    >
    > Can you do anything interesting with this?:
    >
    > C:\>nslookup
    > Default Server:  dns.server.net
    > Address:  111.222.333.444
    >
    > > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    >
    > Gives error: memory can't be "read" - 0x414141 (aka A).
    >
    >
    
    -- 
    ===============================================================================
     Marcos Marado AKA Mind Booster Noori
    ===============================================================================
    	      My PGP key: http://student.dei.uc.pt/~marado/pgp.txt
          Visit Mordor's (my band) WebPage on: http://www.mordor.freeurl.com
                         Mail me to: maradoat_private
    ===============================================================================
    Don't get to bragging.
    



    This archive was generated by hypermail 2b30 : Mon Mar 24 2003 - 10:22:23 PST