Hi,

On a related note, we had reported the following local BOs to MS. But since, neither they nor us could come up with any remote exploits for this, I guess members on this list could check it out. Some of these do not work on Win2K SP3, but do work on earlier versions.

First:
C:\>regsvr32 AAAAAAA...(1300 times)

Second:
C:\>winhlp32 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaa
aaaaaaaaaaaaaaaaaaaaa.exe
This one crashes only at a particular value of A's, not if its any more or if its any less.

Again, unless any of these runs with elevated privileges, or someone feeds in data remotely to these exes, the buffer overflows do not represent a security risk.

K. K. Mookhey
CTO,
Network Intelligence India Pvt. Ltd.
Web: www.nii.co.in
=================================
Security Auditing Handbooks
http://www.nii.co.in/research/handbook.html
=================================

----- Original Message -----
Hi List,

Can you do anything interesting with this?:

C:\>nslookup
Default Server: dns.server.net
Address: 111.222.333.444

> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Gives error: memory can't be "read" - 0x414141 (aka A).

[ reply ]