Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

From: Nicolas Gregoire (ngregoire@exaprobe.com)
Date: 03/18/03

  • Next message: the1@unixclan.net: "RE: command-line reverse connection tunnel?" 
    From: Nicolas Gregoire <ngregoire@exaprobe.com>
To: Gary O'leary-Steele <garyo@sec-1.com>
Date: 18 Mar 2003 21:25:36 +0100

    > I am planning to write exploit code for the Microsoft Windows 2000 WebDAV
    > Buffer Overflow Vulnerability. However I don't have enough information about
    > the vulnerability, e.g. which webdav component is vulnerable, how it is
    > exploited i.e. where does the large string need to be to cause the overrun.
    > I don't know webdav but if i get enough information about the request i need
    > to send to the web server to cause a crash I will write some exploit code
    > (in perl) and share with the community.

    You could give a look to the related Nessus plugin :
    http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/iis_webdav_overflow.nasl

    Regards, 

    -- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire@exaprobe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

  • Next message: the1@unixclan.net: "RE: command-line reverse connection tunnel?"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #159
      ... The newest web app vulnerability... ... MICROSOFT VULNERABILITY SUMMARY ... Rit Research Labs TinyWeb Server Remote Denial of Service Vu... ... mIRC DCC SEND Buffer Overflow Vulnerability ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #130
      ... Remote Desktop Management Solution for Microsoft ... XChat Server Strings Buffer Overflow Vulnerability ... BitchX Remote Cluster() Heap Corruption Vulnerability ... Microsoft Windows 2000 ntdll.dll Buffer Overflow Vulnerability ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #344
      ... MICROSOFT VULNERABILITY SUMMARY ... Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability ... EDraw Office Viewer Component EDrawOfficeViewer.OCX ActiveX Control Buffer Overflow Vulnerability ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #290
      ... Microsoft Infotech Storage Library Heap Corruption Vulnerability ... Intervations FileCopa User Command Remote Buffer Overflow Vulnerability ... XM Easy Personal FTP Server Unspecified Authentication Buffer Overflow Vulnerability ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #359
      ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File Overwrite Vulnerability ... Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability ... Microsoft Visual Studio VB To VSI Support Library ActiveX Control is prone to a vulnerability that lets attackers overwrite arbitrary files. ...
      (Focus-Microsoft)