Buffer Overflow in Windows XP SP1's rundll32.exe
Reported July 6, 2003, by Rick Patel.

VERSIONS AFFECTED
Windows XP SP1

DESCRIPTION
· A buffer-overflow vulnerability exists in Windows XP Service Pack 1's (SP1's) rundll32.exe file.

DEMONSTRATION
The discoverer posted the following example as proof of concept:
rundll32.exe advpack32.dll,<'A' x 499>
The advpack32.dll file is only an example; any executable or DLL will work. The command line is converted to Unicode, and EIP (the Extended Instruction Pointer) ends up being 00410041.

VENDOR RESPONSE
Microsoft hasn't yet responded to this problem.

CREDIT
Discovered by Rick Patel.
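Why the crash lands at EIP 00410041 rather than 41414141, as an added example that is not part of the original advisory: Python that widens the proof-of-concept argument to UTF-16LE the way Windows does, reads a 32-bit value out of the overflow data, and decodes a faulting EIP back into the input characters, which is useful when triaging a crash dump. The POC_ARGUMENT string and all function names are constructed here for illustration.

```python
import struct

# Constructed reproduction of the advisory's argument: "advpack32.dll," followed by 499 'A's.
POC_ARGUMENT = "advpack32.dll," + "A" * 499


def command_line_as_unicode(cmdline: str) -> bytes:
    """Widen a narrow command line the way Windows does: each ASCII char becomes 2 bytes (UTF-16LE)."""
    return cmdline.encode("utf-16-le")


def dword_at(buf: bytes, offset: int) -> int:
    """Read a little-endian 32-bit value, as the CPU does when it pops a saved return address."""
    return struct.unpack_from("<I", buf, offset)[0]


def chars_from_eip(eip: int) -> str:
    """Reinterpret a faulting EIP as four bytes of UTF-16LE text.

    For 0x00410041 the bytes are 41 00 41 00, i.e. the text "AA": two ASCII 'A's
    that were widened to Unicode before they overwrote the return address.
    """
    return struct.pack("<I", eip).decode("utf-16-le", errors="replace")


def looks_like_unicode_overwrite(eip: int) -> bool:
    """Triage heuristic: both 16-bit halves of EIP are printable ASCII with a 0x00 high byte,
    the signature of narrow input widened to UTF-16 landing in the instruction pointer."""
    low_unit, high_unit = eip & 0xFFFF, eip >> 16
    return all(0x20 <= unit <= 0x7E for unit in (low_unit, high_unit))


if __name__ == "__main__":
    wide = command_line_as_unicode(POC_ARGUMENT)
    # The run of 'A's starts after the 14-character DLL name, i.e. at byte offset 28 once widened.
    first_dword_of_run = dword_at(wide, 28)
    print(f"first dword inside the 'A' run: {first_dword_of_run:08x}")   # 00410041
    print("decoded:", chars_from_eip(0x00410041))                        # AA
    print("unicode overwrite?", looks_like_unicode_overwrite(0x00410041))  # True
    print("unicode overwrite?", looks_like_unicode_overwrite(0x7C801234))  # False
```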