Reported July 6, 2003, by Rick Patel.

VERSIONS AFFECTED

  • Windows XP SP1

DESCRIPTION

A buffer-overflow vulnerability exists in Windows XP Service Pack 1's (SP1's) rundll32.exe file.

DEMONSTRATION

The discoverer posted the following example as proof of concept:

rundll32.exe advpack32.dll,<'A'x499>

The advpack32.dll file is only an example; any executable or DLL will work. The command line is converted to UNICODE, and EIP (Execution Instruction Point) ends up being 00410041, the little-endian UTF-16 encoding of two 'A' characters from the argument.
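As an added crash-triage example (not the discoverer's code), the following Python models the ANSI-to-UNICODE widening described above and checks whether a faulting EIP, such as the 00410041 reported here, is made of widened argument bytes; the 499-character argument is constructed to mirror the advisory.

```python
"""Crash-triage helper for the rundll32.exe report above.

Added example, not the discoverer's code. It models the ANSI -> UNICODE
(UTF-16LE) widening the advisory mentions and checks whether a faulting
EIP is built from widened argument bytes, which is how 0x00410041 arises
from a run of 'A' characters.
"""
import struct


def widen(arg: str) -> bytes:
    """Model the command-line conversion to UNICODE (UTF-16LE)."""
    return arg.encode("utf-16-le")


def widened_size(arg: str) -> int:
    """Bytes needed to hold the widened argument plus its NUL terminator.
    A buffer sized from the ANSI length (len(arg) + 1) holds only half this."""
    return len(widen(arg)) + 2


def describe_eip(eip: int) -> dict:
    """Interpret a 32-bit EIP as the four little-endian bytes it was loaded from.
    If every second byte is zero, the value looks like ASCII text that was
    widened to UTF-16LE; otherwise the raw bytes are shown as Latin-1."""
    raw = struct.pack("<I", eip)
    widened = raw[1::2] == b"\x00\x00"
    text = raw.decode("utf-16-le") if widened else raw.decode("latin-1")
    return {"bytes": raw, "widened_ascii": widened, "text": text}


def eip_offset_in_argument(arg: str, eip: int) -> int:
    """Byte offset in the widened argument where the EIP bytes first occur,
    or -1 if EIP was not taken from the argument."""
    return widen(arg).find(struct.pack("<I", eip))


if __name__ == "__main__":
    # Constructed input mirroring the advisory: 499 'A's, crash at 0x00410041.
    arg = "A" * 499
    eip = 0x00410041
    info = describe_eip(eip)
    print(f"EIP {eip:#010x}: bytes={info['bytes']!r} "
          f"widened_ascii={info['widened_ascii']} text={info['text']!r}")
    print(f"widened argument needs {widened_size(arg)} bytes "
          f"vs {len(arg) + 1} as ANSI")
    print(f"EIP bytes found at widened offset {eip_offset_in_argument(arg, eip)}")
```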

VENDOR RESPONSE

Microsoft (http://www.microsoft.com/) hasn't yet responded to this problem.

CREDIT

Discovered by Rick Patel.