Open mvmendes opened 5 years ago
Thanks! Turns out there are quite a few similar issues in this file, where calls to `sprintf` or `strcat` could overflow buffers. I'm working on fixing them. One issue I will run into, though, is that I personally don't have a platform on which I can build and verify the changes. If anyone would be willing to help in that department, please let me know.
https://github.com/klacke/yaws/blob/493ecfe60d722be506bc3ee8a9b12c69bf1e3580/win32/yaws.c#L211

This line opens a local vulnerability that could be exploited by the SEH Buffer Overflow technique. I exploited it in this POC: (python)
EDX also overflowed to XXXX.
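
An added example, not part of this thread or of the yaws code base: one way to replace a chain of unbounded `sprintf`/`strcat` calls into a fixed buffer with a length-tracking builder that refuses to truncate. The names `sbuf`, `sbuf_appendf` and `build_cmdline` and the sample paths are hypothetical, and C99 `vsnprintf` return semantics are assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Fixed-capacity string builder: a bounded stand-in for sprintf/strcat chains. */
struct sbuf {
    char  *data;    /* caller-owned storage */
    size_t cap;     /* size of data in bytes, including the terminating NUL */
    size_t len;     /* bytes used so far, excluding the NUL */
    int    failed;  /* sticky flag: set once any append did not fit */
};

static void sbuf_init(struct sbuf *b, char *storage, size_t cap)
{
    b->data = storage; b->cap = cap; b->len = 0; b->failed = (cap == 0);
    if (cap) storage[0] = '\0';
}

/* Append formatted text; 0 on success, -1 if it does not fit (old contents kept). */
static int sbuf_appendf(struct sbuf *b, const char *fmt, ...)
{
    va_list ap;
    size_t room;
    int n;
    if (b->failed) return -1;
    room = b->cap - b->len;             /* always >= 1 here */
    va_start(ap, fmt);
    n = vsnprintf(b->data + b->len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {   /* error or would-be truncation */
        b->data[b->len] = '\0';         /* drop the partial write */
        b->failed = 1;
        return -1;
    }
    b->len += (size_t)n;
    return 0;
}
/* Hypothetical caller (constructed layout): "<dir>\bin\<exe>" <args> */
static int build_cmdline(char *out, size_t cap, const char *dir,
                         const char *exe, const char *args)
{
    struct sbuf b;
    sbuf_init(&b, out, cap);
    sbuf_appendf(&b, "\"%s\\bin\\%s\"", dir, exe);
    sbuf_appendf(&b, " %s", args);
    return b.failed ? -1 : 0;           /* caller must refuse to run on -1 */
}
int main(void)
{
    char cmd[32];   /* constructed sample values below */
    return build_cmdline(cmd, sizeof cmd, "C:\\yaws", "erl.exe", "-s yaws") ? 1 : 0;
}
```

The sticky `failed` flag lets a long sequence of appends be checked once at the end, which suits mechanical conversion of existing `sprintf`/`strcat` sequences.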