Re: cipher.exe overflow

From: K. K. Mookhey (ctoat_private)
Date: Tue Apr 22 2003 - 22:35:39 PDT

Next message: Dino Dai Zovi: "Re: Jump back to shellcode Windows overflow"

Previous message: Magnus Bodin: "MSIE crash-"feature""
In reply to: moran zavdi: "cipher.exe overflow"
Next in thread: moran zavdi: "Re: cipher.exe overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Moran,
Windows 2000 is full of local buffer overflows. We too reported a couple to MS, and then stopped looking. There was a discussion some time back on Nslookup having a local BO. I think the thread is here:
http://www.securityfocus.com/archive/82/315781

K. K. Mookhey
CTO,
Network Intelligence India Pvt. Ltd.
Web: www.nii.co.in
=================================
Security Auditing Software - AuditPro
http://www.nii.co.in/products.html
=================================

> 
> there is a problem with cipher.exe.
> overflow occurs when you add string of more than 256 chars.
> example:
> c:\> cipher.exe  <A * 257>
> 
> program will crash.
>

Next message: Dino Dai Zovi: "Re: Jump back to shellcode Windows overflow"
Previous message: Magnus Bodin: "MSIE crash-"feature""
In reply to: moran zavdi: "cipher.exe overflow"
Next in thread: moran zavdi: "Re: cipher.exe overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 14:28:14 PDT