Vulnerability Development mailing list archives

Re: Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow


From: "InterceptiX Security" <security () interceptix com>
Date: Sat, 13 Apr 2002 01:52:10 +0300

Does the IIS server have to have the file iisstart.asp in order for the
exploit to work?

Or is this just an ASP call to prepare the heap?


----- Original Message -----
From: <dullien () gmx de>
To: "MadHat" <madhat () unspecific com>
Cc: "Erik Parker" <eparker () mindsec com>; "'Marc Maiffret'" <marc () eeye com>;
"Vuln-Dev" <vuln-dev () securityfocus com>
Sent: Friday, April 12, 2002 8:25 PM
Subject: Re[2]: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow


Hey all,

M> I have not been able to reproduce these results.  I have managed to lock
M> up IIS (IIS 5.0 with all patches pre Apr 1, 2002), but no popup messages
M> appear and no entries in the Application Log.  I have also been able to get
M> the 100 Continue message (IIS 4.0 all patches pre Apr 1, 2002), but
M> still no popup or messages.

rule of thumb : It locks up <==> Heap is corrupted <==> vulnerable

Cheers,
dullien () gmx de

--
With kind regards
dullien () gmx de                            mailto:dullien () gmx de



