Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

counter.exe.2.70.dos.txt

🗓️ 17 Aug 1999 00:00:00Reported by David LitchfieldType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

Denial of service vulnerabilities in counter.exe version 2.70 on Win32 web servers identified.

Code
`Date: Wed, 19 May 1999 02:00:11 +0100  
From: Mnemonix <[email protected]>  
To: [email protected]  
Subject: Denial of Service in Counter.exe version 2.70  
  
  
A denial of service exists in counter.exe version 2.70, a fairly popular  
webhit counter used on the Win32 platform with web servers such as IIS and  
WebSite Pro. There are two different bugs:  
  
1) When someone requests :  
http://no-such-server-really/scripts/counter.exe?%0A this will create an  
entry in counter.log of a blank line then a ",1" . If the person then  
refreshes their browser and requests it again you get an Access Violation in  
counter.exe - the instruction at 0x00414c0a referenced memory at 0x00000000.  
  
2) When someone requests:  
http://no-such-server-really/scripts/counter.exe?AAAAAover-2200-As you get a  
similar problem - though not a buffer overrun.  
  
Whilst in a state of "hanging" all other vaild requests for counter are  
queued and not dealt with until someone goes to the console and okays the AV  
messages. Added to this memory can be consumed if the page is continuosly  
requested.  
  
I mailed the author twice about this but as I have received no response I  
have nothing left to do but send this on.  
Cheers,  
David Litchfield  
http://www.infowar.co.uk/mnemonix  
http://www.arca.com  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
denial of servicecounter.exeversion 2.70webhit counterwin32 platformaccess violationmemory consumptionbug report
23