Re: Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow

From: InterceptiX Security (security@interceptix.com)
Date: 04/13/02


From: "InterceptiX Security" <security@interceptix.com>
To: <dullien@gmx.de>, "MadHat" <madhat@unspecific.com>
Date: Sat, 13 Apr 2002 01:52:10 +0300

Does the IIS server have to have the file iisstart.asp in order for the
exploit to work?

Or is this just an ASP call to prepare the heap?

----- Original Message -----
From: <dullien@gmx.de>
To: "MadHat" <madhat@unspecific.com>
Cc: "Erik Parker" <eparker@mindsec.com>; "'Marc Maiffret'" <marc@eeye.com>;
"Vuln-Dev" <vuln-dev@securityfocus.com>
Sent: Friday, April 12, 2002 8:25 PM
Subject: Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow

> Hey all,
>
> M> I have not been able to reproduce these results. I have managed to lock
> M> up IIS (IIS 5.0 with all patches pre Apr 1, 2002), but no popup messages
> M> appear and no entries in the Application Log. I have also been able to get
> M> the 100 Continue message (IIS 4.0 all patches pre Apr 1, 2002), but
> M> still no popup or messages.
>
> rule of thumb : It locks up <==> Heap is corrupted <==> vulnerable
>
> Cheers,
> dullien@gmx.de
>
> --
> With kind regards
> dullien@gmx.de
>