[30615] in bugtraq
rundll32.exe buffer overflow
daemon@ATHENA.MIT.EDU (Rick)
Mon Jul 7 16:15:53 2003
From: "Rick" <rikul@bellsouth.net>
To: <bugtraq@securityfocus.com>
Date: Sun, 6 Jul 2003 12:42:42 -0600
Message-ID: <000a01c343ee$62342d90$0100a8c0@ark>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hi,
There is a buffer overflow in rundll32.exe when it is passed a big string as
the routine name for a module. I've tested this on Windows XP SP1, but other
versions of Windows might be vuln.
rundll32.exe advpack32.dll,<'A'x499>
advpack32.dll is just an example. Any executable/dll will work. The
cmdline does get converted to UNICODE, and EIP ends up being 00410041.
-
Rick Patel
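Added triage example (not part of Rick's post, and not a reproduction of the crash): the EIP value he reports, 00410041, is what you get when a run of ASCII 'A' (0x41) is widened to UTF-16LE (41 00 41 00 ...) before being copied into the overflowed buffer and four of those bytes land on the saved return address. The helper below encodes a filler string the way the post describes, reads the little-endian value at a given offset, and classifies a crash address as narrow-char or wide-char filler, which is the first check an analyst makes when deciding whether a reported fault is a simple DoS or controllable. The offset and the filler character are assumptions for illustration; the string-to-UTF-16 copy is the only behaviour taken from the post.

```python
from typing import Optional

# Assumed filler character, matching the <'A'x499> in the report.
FILLER = "A"


def widened_bytes(s: str) -> bytes:
    """UTF-16LE encoding of an ANSI command line, as the post says
    rundll32.exe converts it before use."""
    return s.encode("utf-16-le")


def overwrite_value(payload: str, offset: int, width: int = 4) -> int:
    """Little-endian integer found `offset` bytes into the widened payload.

    Models a saved return address being overwritten by bytes of the
    converted string; `offset` is a constructed parameter, the real
    distance to the return address is not given in the post."""
    data = widened_bytes(payload)
    chunk = data[offset:offset + width]
    return int.from_bytes(chunk, "little")


def classify_crash(eip: int, char: str = FILLER) -> Optional[str]:
    """Triage helper: does a faulting EIP look like our filler, and was the
    string copied as narrow (ASCII) or wide (UTF-16LE) characters?

    Returns "utf-16le", "ascii" or None (address is not filler at all)."""
    narrow = int.from_bytes(char.encode("ascii") * 4, "little")
    wide = int.from_bytes(char.encode("utf-16-le") * 2, "little")
    if eip == wide:
        return "utf-16le"
    if eip == narrow:
        return "ascii"
    return None


if __name__ == "__main__":
    payload = FILLER * 499
    eip = overwrite_value(payload, 0)
    print(f"EIP from widened filler: {eip:08x}")     # 00410041, as reported
    print("copy type:", classify_crash(eip))         # utf-16le
    print("copy type:", classify_crash(0x41414141))  # ascii
    print("copy type:", classify_crash(0x7C801D77))  # None: not filler
```

The wide-char result matters for triage because only every other byte of the overwritten address is attacker-chosen, the others are fixed at 0x00; that constraint is what you check against your own crash data before rating a report.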