
[Full-Disclosure] upnphost null pointer fun



unlike my other recent posts, i will be revealing bug information which is 
NOT exploitable. i hope. i think they're properly diagnosed. i think.

in upnphost module which is the windows UPNP service (http://upnp.org) 
there are a couple of null pointer exceptions, i named them 'upnp1' and 
'upnp2' and POC code is available at http://felinemenace.org/~nd/upnp/

a quick demo using dumbug (http://phenoelit.de):
(cmdline 'python upnp1.py')
Debugger [INFO] Access violation at 5AFDDF5C
Tracer [WARNING] AccessViolation EIP = 5AFDDF5C while reading from 00000002
Tracer [WARNING] E_AccessViolation: Offending access not in mapped memory?
(cmdline 'python upnp2.py')
Debugger [INFO] Access violation at 5AFD7FEC
Tracer [WARNING] AccessViolation EIP = 5AFD7FEC while reading from 00000000
Tracer [WARNING] E_AccessViolation: Offending access not in mapped memory?

completely useless of course, does not even stop the UPNP service or lock 
up svchost. dumbug is pretty cool though when screenshots just won't do!
- nd

-- 
http://felinemenace.org/~nd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
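
Added example, not part of the original post and not code from dumbug or the poster: a small triage helper that parses Tracer lines in the format quoted above and flags faults inside the first 64 KB of address space, which Windows leaves unmapped in user mode, as near-NULL dereferences. The function name, the verdict labels and the "writing to" wording are assumptions; only "reading from" appears in the post, and the verdict is a heuristic, not a proof of non-exploitability.

```python
import re

# Windows user-mode processes have 0x00000000-0x0000FFFF unmapped, so a fault
# there usually means a NULL base pointer plus a small field offset.
NULL_REGION_END = 0x10000

# Line format taken from the post; "writing to" is an assumed variant.
AV_LINE = re.compile(
    r"AccessViolation EIP = (?P<eip>[0-9A-Fa-f]{8}) while "
    r"(?P<op>reading|writing) (?:from|to) (?P<addr>[0-9A-Fa-f]{8})"
)

# The two Tracer lines quoted in the post.
SAMPLE = """\
Tracer [WARNING] AccessViolation EIP = 5AFDDF5C while reading from 00000002
Tracer [WARNING] AccessViolation EIP = 5AFD7FEC while reading from 00000000
"""


def triage(log_text):
    """Return one dict per access violation found in debugger output."""
    findings = []
    for m in AV_LINE.finditer(log_text):
        eip, addr = int(m["eip"], 16), int(m["addr"], 16)
        if addr == eip:
            # Faulting address equals EIP: the CPU tried to fetch code there.
            verdict = "exec-fault"
        elif addr < NULL_REGION_END:
            verdict = "near-null-" + ("read" if m["op"] == "reading" else "write")
        else:
            # Anything outside the NULL region needs manual analysis.
            verdict = "wild"
        findings.append({
            "eip": eip,
            "addr": addr,
            # Offset from a NULL base, e.g. a struct field at +2.
            "null_offset": addr if addr < NULL_REGION_END else None,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("EIP=%08X addr=%08X %s" % (f["eip"], f["addr"], f["verdict"]))
```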