[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IIS Vulnerability Content-Type overflow


at4r wrote:
while testing a few days ago how to reproduce the lastest mdac rds
vulnerability i found that a specially malformed http request to an IIS
Webserver can allow a buffer overflow.

* I don't see a crash
* I don't see "big CPU consume". If I flood with this at 2.8MB/s (!)
  I get ~25% CPU usage @ AMD 1800+.
* You can get the same thing with: perl -e 'print "A"x200000'|nc <IP> 80


	Bram Matthys (Syzop).