----- Original Message -----
From: <foob_at_return0.net>
To: <supergate_at_twlc.net>
Cc: <vuln-dev_at_securityfocus.com>
Sent: Friday, November 02, 2001 11:36 AM
Subject: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible
overflow in ms ftp client)
> (excuse the formatting, damn cmd.exe cut n paste sucks).
>
> "The instruction at "0x........" referenced memory at "0x41414141".
>
> Maybe a heap overflow. Probably usable to run code. Pointless-factor-10.
> As far as i can tell, the remote server doesnt need to exist - it crashes
> before the network is used.
i made some test sending string from the server to the client and
nothing.... so i guess its more useless than before
> One possible non-pointless use of such client overflows could be if you
> can remotely run commands on a machine, say through IIS, but not
> upload code. You could use this with some payload to execute
> arbitrary code. Probably.
yes this is obiuvsly possible
supergate.
Received on Nov 02 2001
Intro
