Home page logo
/

Vulnerability Development mailing list archives

w3wp remote DoS
From: "Debasis Mohanty" <debasis () hackingspirits com>
Date: Wed, 22 Mar 2006 07:51:22 +0530

Sorry, if you are receiving multiple copies of it. Just resending as the one
that I sent last night has not yet appeared.

w3wp remote DoS due to improper reference of STA COM components in ASP.NET
===========================================================================

Vendor: Microsoft Corporation
MSRC (Microsoft Security Response Center) Case No: MSRC 6367sd Product Info:
IIS Worker Process (w3wp)

I. BACKGROUND
Early last year while I was trying out few canonicalization attacks on sites
running asp.net applications, I came across an un-expected remote DoS
against the worker process (i.e. w3wp). As the frequency of success was
*random*, I didn't took much interest in it. However during one more test in
my home lab, I was able to reproduce the same w3wp crash again (almost with
7 out of 10 success ratio) which is why I thought of debugging and
investigating more on this issue.

After working for more than one month with Microsoft (MSRC) on this issue,
it is finally concluded that the crash can occur un-expectedly and is due to
improper reference of COM or COM+ in the asp.net applications. Often
developers forget to use the AspCompat directive which is required while
referencing COM components in ASP.NET. Below are the links which provides
the insight on the appropriate usage of AspCompat :
http://msdn2.microsoft.com/en-us/library/zwk9h2kb.aspx
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/
dbgch04.asp


II.     PROOF-OF-CONCEPT
The exploit code and the PoC details can be downloaded from the following
link:
http://hackingspirits.com/vuln-rnd/vuln-rnd.html

Regards,
Debasis Mohanty



  By Date           By Thread  

Current thread:
  • w3wp remote DoS Debasis Mohanty (Mar 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]