rundll32.exe buffer overflow

Full Version: rundll32.exe buffer overflow

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

GSecur

Jul 9 2003, 05:27 PM

Hi,

There is buffer overflow in rundll32.exe when it is passed big string as
routine name for a module. I've tested this on WindowsXP SP1. But other
version of windows might be vuln.

rundll32.exe advpack32.dll,<'A'x499>

advpack32.dll is just example. Any executable/dll will work. The
cmdline does get converted to UNICODE. And EIP ends up being 00410041.

-

Rick Patel

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.