Reported July 6, 2003, by Rick Patel.
Windows XP SP1
· A buffer-overflow vulnerability exists in Windows XP Service Pack 1's (SP1's) rundll32.exe file.
The discoverer posted the following example as proof of concept:
The advpack32.dll file is only an example; any executable or DLL will work. The command line is converted to UNICODE (UTF-16) before the overflow occurs, so the overwriting data reaches the stack as wide characters, and EIP (the instruction pointer) ends up as 0x00410041, which is the UTF-16 encoding of two 'A' characters.
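To show why a UTF-16 conversion turns an ASCII fill pattern into a register value like 0x00410041, and how an analyst can recognise that signature when triaging a crash, here is an added Python example. It is not code from the original report; the conversion it mimics is the generic narrow-to-wide (UTF-16LE) encoding of a command line, and the crash value and pattern used below are constructed for illustration.

```python
import struct


def widen(narrow: str) -> bytes:
    """Mimic the narrow-to-wide conversion of a command line: every ASCII
    character becomes a 2-byte UTF-16LE code unit (the byte, then 0x00)."""
    return narrow.encode("utf-16-le")


def dword_at(buf: bytes, offset: int) -> int:
    """Read a little-endian 32-bit value from buf, the way an x86 CPU reads a
    saved return address it pops into EIP."""
    return struct.unpack_from("<I", buf, offset)[0]


def decode_wide_eip(eip: int):
    """If a crash EIP consists of two UTF-16LE code units of printable ASCII
    (the signature of a wide-char conversion of attacker-shaped input), return
    the two narrow characters that produced it; otherwise return None."""
    raw = struct.pack("<I", eip)          # the four bytes as they sat in memory
    lo_char, lo_pad, hi_char, hi_pad = raw
    if lo_pad != 0 or hi_pad != 0:         # high byte of each code unit must be 0x00
        return None
    if not (0x20 <= lo_char < 0x7F and 0x20 <= hi_char < 0x7F):
        return None                        # not printable ASCII, so not a text pattern
    return chr(lo_char) + chr(hi_char)


def triage(eip: int) -> str:
    """One-line verdict for a crash dump field, e.g. EIP from a constructed log."""
    chars = decode_wide_eip(eip)
    if chars is None:
        return f"EIP=0x{eip:08x}: not a wide-char ASCII pattern"
    return f"EIP=0x{eip:08x}: overwritten by UTF-16-converted input '{chars}'"


if __name__ == "__main__":
    # Constructed example: a narrow fill pattern of 'A's, widened to UTF-16LE.
    wide = widen("AAAA")
    print(wide.hex(" "))                   # 41 00 41 00 41 00 41 00
    print(triage(dword_at(wide, 0)))       # 0x00410041 -> 'AA'
    print(triage(0x7C801234))              # constructed, unrelated code address
```

The check only classifies a crash value; it says nothing about what input offset reached the return address, which is the question a defender answers from the process crash dump, not from the register alone.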
Microsoft hasn't yet responded to this problem.
Discovered by Rick Patel.