Hi!

I've found a vulnerability in TelCondex SimpleWebServer 2.06.20817 Build
3128 (tested on Windows XP Professional). It could be that prior
versions are also affected.

It's possible to crash the web server application with a long URL
(starting from 539 Chars)[1]. You'll see a popup message on the victims
host.

You have to restart the httpd service to get a running web server.

I've informed support@telcondex.de on 02/10/12 about the bug. After a
really friendly response[2] the new version 2.09 without the bug is
available at http://www.yourinfosystem.de/download.htm

Bye, Marc

[1] e.g. http://192.168.0.2/AAA[...]AAA

[2] We discussed the bug and it seems that the problem is in the 32 bit
command control for showing the URLs. In other words, every operating
system reacts in another way.

-- 
Computer, Technik und Security
http://www.computec.ch