[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch
- To: "Full-Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch
- From: "FistFucker" <FistFuXXer@xxxxxx>
- Date: Fri, 16 Dec 2005 16:09:08 +0100
I've already tryed this but argument-skipping isn't supported by the called
function.
-FistFucker (aka FistFuXXer)
----- Original Message -----
From: "H D Moore" <fdlist@xxxxxxxxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Friday, December 16, 2005 3:59 PM
Subject: Re: [Full-disclosure] iDEFENSE Security Advisory 12.06.05: Ipswitch
> This may not be a limitation if you can use the argument-skipping syntax
> in msvcrt (ie. %4000$x).
>
> -HD
>
> On Friday 16 December 2005 08:32, FistFucker wrote:
> >I don't think it's > exploitable because the user controlled string is
> >many thousand bytes away from the stack pointer and you can only send 512
> >bytes to the SMTP daemon.
> [snip]
> > If someone was able to exploit this, I would be interested in exploit
> > code or an explanation to learn from him.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/