Bugtraq: Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC

From: Steve Friedl <steve () unixwiz net>
Date: Fri, 31 Dec 2004 10:52:27 -0800

On Fri, Dec 31, 2004 at 07:09:02PM +0100, Alberto Garcia Hierro wrote:

+#define Sleep(x) sleep(x)


This isn't the same thing: under Win32, Sleep is in *milliseconds*, while on
UNIX it's *seconds* - that's going to take a long, long time if you run this.

#ifdef unix
#  ...
#  define Sleep(x)      sleep(((x)+500)/1000)
#  ...
#endif

-- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve () unixwiz net

By Date By Thread

Current thread:

[EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC houseofdabus HOD (Dec 31)
- Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC Alberto Garcia Hierro (Dec 31)
  - Re: [EXPL] (MS04-031) NetDDE buffer overflow vulnerability PoC Steve Friedl (Dec 31)