Overflow in MS PWS
Description: Typical buffer overflow
Author: Gurney Halleck <gurneyh@ix.netcom.com>
Compromise: Crash the personal web server (it may also be possible to execute arbitrary code remotely)
Vulnerable Systems: Those running MS Personal Web Server (pws32/2.0.2.1112), which is apparently packaged with FrontPage 97.
Date: 15 January 1998
Date: Thu, 15 Jan 1998 12:03:30 -0700
From: Gurney Halleck <gurneyh@ix.netcom.com>
To: dc-stuff <dc-stuff@merde.dis.org>
Subject: Buffer overflow with MS PWS
I don't know if this has ever been reported. I did check MS Technical
support but didn't find anything.
While goofing with MS Personal Web Server (pws32/2.0.2.1112) that came
packaged with FrontPage 97 and running under NT 3.51, I found that the
following URL will crash PWS.
http://PWS_Name/1234567890123456789012345678901234567890123456789012345678901234
56789012345678901234567890123456789012345678901234567890123456789012345678901234
567890123456789
Where PWS_Name is the domain name of the PWS server and the long string
is 159 chars.
I have no idea if it is exploitable beyond just crashing PWS.
It bombs out with an Exception: access violation as reported by Dr.
Watson.
--
Gurney Halleck <gurneyh@ix.netcom.com>
UIN:3268715
Visit my Web 'Zine: Little Albert ( http://www.littleal.pair.com )
For my pub key:
http://pgp.ai.mit.edu:11371/pks/lookup?op=get&search=Gurney+Halleck
Key fingerprint = C7 D3 2F 1D 16 7F FC E4 A3 95 D7 AD C0 38 9D AC
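The report above describes a 159-character URL path crashing the server. As an added example (not code from the original post or from Microsoft), this is the length check a request-line parser needs before copying a path into a fixed buffer; `parse_request_path`, `build_request`, `PATH_BUF` and the 128-byte limit are assumptions, since the page does not say where or how PWS overflows.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 128 /* hypothetical size; the page does not state PWS's buffer size */

enum { PATH_OK = 200, PATH_BAD_REQUEST = 400, PATH_TOO_LONG = 414 };

/* Copy the path of "METHOD /path HTTP/x.y" into out (out_size bytes).
 * The length is measured before any byte is copied, so an overlong path
 * is refused instead of being written past the end of the buffer, which
 * is what an unchecked strcpy()/sprintf() into a fixed array would do. */
int parse_request_path(const char *line, char *out, size_t out_size)
{
    const char *start;
    size_t len;

    if (line == NULL || out == NULL || out_size == 0)
        return PATH_BAD_REQUEST;
    out[0] = '\0';
    start = strchr(line, ' ');            /* end of the method token */
    if (start == NULL || start[1] != '/')
        return PATH_BAD_REQUEST;
    start++;                              /* first byte of the path */
    len = strcspn(start, " \r\n");        /* path ends at space or EOL */
    if (len >= out_size)                  /* no room for path plus NUL */
        return PATH_TOO_LONG;
    memcpy(out, start, len);
    out[len] = '\0';
    return PATH_OK;
}

/* Constructed sample: request line whose path is '/' plus n digits. */
void build_request(char *buf, size_t buf_size, size_t n)
{
    size_t i, pos = (size_t)snprintf(buf, buf_size, "GET /");
    for (i = 0; i < n && pos + 1 < buf_size; i++)
        buf[pos++] = (char)('0' + (i + 1) % 10);
    snprintf(buf + pos, buf_size - pos, " HTTP/1.0\r\n");
}

int main(void)
{
    char req[256], path[PATH_BUF];
    build_request(req, sizeof req, 159);  /* same length as in the report */
    printf("159-digit path -> %d\n", parse_request_path(req, path, sizeof path));
    printf("short path     -> %d\n", parse_request_path("GET /index.html HTTP/1.0\r\n", path, sizeof path));
    return 0;
}
```

A server using a check like this answers the long request with a 414 status instead of faulting, and the rejected length is worth logging.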
This page is part of Fyodor's exploit
world.