cipher.exe overflow

From: moran zavdi (moraniamat_private)
Date: Mon Apr 21 2003 - 06:59:42 PDT

Next message: Proxy Administrator: "defacement stats"

Previous message: Simayi: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
Next in thread: K. K. Mookhey: "Re: cipher.exe overflow"
Reply: K. K. Mookhey: "Re: cipher.exe overflow"
Reply: moran zavdi: "Re: cipher.exe overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

there is a problem with cipher.exe.
overflow occurs when you add string of more than 256 chars.
example:
c:\> cipher.exe  <A * 257>

program will crash.

anyway Microsoft response was:
"Thank you for your feedback. We are definitely commited to fixing this 
issue in Cipher.exe.
We've had several people look into this issue, and the biggest impact we've 
found that it has is a crash of the file which results in a local denial of 
service in the file itself."


Regards,

Moran Zavdi
DataSEC
http://www.data-sec.com


_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

Next message: Proxy Administrator: "defacement stats"
Previous message: Simayi: "Re: exploit code targeting OpenSSL and Mod_SSL ?"
Next in thread: K. K. Mookhey: "Re: cipher.exe overflow"
Reply: K. K. Mookhey: "Re: cipher.exe overflow"
Reply: moran zavdi: "Re: cipher.exe overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 22 2003 - 10:19:04 PDT