Microsoft Windows Locator Service Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Microsoft Windows Locator Service Buffer Overflow Vulnerability

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following proof of concept code was provided by obscou o <wishkah@chek.com> and Marcin Wolak:

/data/vulnerabilities/exploits/LOCATOR-Proof-of-concept.zip
/data/vulnerabilities/exploits/rpcexp.c