Hosting Provided By

Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability

From: Gary O'leary-Steele <garyo(at)sec-1.com>
Date: Tue Mar 18 2003 - 05:05:30 EST

Hi all,

I am planning to write exploit code for the Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability. However I don't have enough information about the vulnerability, e.g. which webdav component is vulnerable, how it is exploited i.e. where does the large string need to be to cause the overrun. I don't know webdav but if i get enough information about the request i need to send to the web server to cause a crash I will write some exploit code (in perl) and share with the community.

Any help is greatly appreciated.

Thanks in advance.

Regards,
Gary O'leary-Steele
Sec-1 Ltd

Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html Received on Tue Mar 18 11:20:45 2003

This message: [ Message body ]
Next message: Oliver.Karow(at)gmx.de: "IMAP password cracker?"
Previous message: Paul Bakker: "RE: command-line reverse connection tunnel?"
Next in thread: Nicolas Gregoire: "Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
Reply: Nicolas Gregoire: "Re: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"
Reply: Curt Purdy: "RE: Microsoft Windows 2000 WebDAV Buffer Overflow Vulnerability"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:34 EDT