Lucene search
counter.exe.2.70.dos.txt
🗓️ 17 Aug 1999 00:00:00Reported by David LitchfieldType 
packetstorm🔗 packetstormsecurity.com👁 21 Views
Denial of service vulnerabilities in counter.exe version 2.70 on Win32 web servers identified.
Show more
`Date: Wed, 19 May 1999 02:00:11 +0100
From: Mnemonix <[email protected]>
To: [email protected]
Subject: Denial of Service in Counter.exe version 2.70
A denial of service exists in counter.exe version 2.70, a fairly popular
webhit counter used on the Win32 platform with web servers such as IIS and
WebSite Pro. There are two different bugs:
1) When someone requests :
http://no-such-server-really/scripts/counter.exe?%0A this will create an
entry in counter.log of a blank line then a ",1" . If the person then
refreshes their browser and requests it again you get an Access Violation in
counter.exe - the instruction at 0x00414c0a referenced memory at 0x00000000.
2) When someone requests:
http://no-such-server-really/scripts/counter.exe?AAAAAover-2200-As you get a
similar problem - though not a buffer overrun.
Whilst in a state of "hanging" all other vaild requests for counter are
queued and not dealt with until someone goes to the console and okays the AV
messages. Added to this memory can be consumed if the page is continuosly
requested.
I mailed the author twice about this but as I have received no response I
have nothing left to do but send this on.
Cheers,
David Litchfield
http://www.infowar.co.uk/mnemonix
http://www.arca.com
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4