[26162] in bugtraq
MFC Overflow Test Code
daemon@ATHENA.MIT.EDU (Matthew Murphy)
Fri Jul 12 22:25:32 2002
Message-ID: <000e01c229ff$52ec1c80$e62d1c41@kc.rr.com>
From: "Matthew Murphy" <mattmurphy@kc.rr.com>
To: <vuldb@securityfocus.com>, <bugtraq@securityfocus.com>
Date: Fri, 12 Jul 2002 18:53:30 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
I have been working on a piece of test code for the MFC
buffer overflow reported in BID 5188. The code has now
been completed.
The exploit is simply a DoS exploit that will overwrite heap
data in a vulnerable ISAPI with 0x41 characters ('A').
The overwritten data contains pointers accessed by MFC42.DLL,
usually resulting in an access violation.
Exploit Code: http://www.murphy.101main.net/mfcisapi.c
Advisory: http://www.murphy.101main.net/vulns/2002-12.shtml
"The reason the mainstream is thought
of as a stream is because it is
so shallow."
- Author Unknown
