Re: MFC ISAPI Framework Buffer Overflow

2002-07-12 Thread Chris Wysopal
In-Reply-To: <001901c228f4$c963fe20$[EMAIL PROTECTED]> BadBlue (and all vendors who wrote ISAPI extensions with MFC) should recompile with Visual Studio 6.0 SP4 or later. There were serious problems with many ISAPI extensions built with earlier versions of the MFC libraries. 2 probl

MFC ISAPI Framework Buffer Overflow

2002-07-12 Thread Matthew Murphy
Systems Affected: All ISAs written using MFC ISAPI framework Issue: User-input length values can result in a buffer overflow. Risk: Critical Scope: Remote Server Compromise The MFC ISAPI framework is widely used to build ISAs that run on a multitude of web servers. It has been discovered that th