Date: Thu, 15 Jan 1998 12:03:30 -0700
From: Gurney Halleck <gurneyh@ix.netcom.com>
To: dc-stuff <dc-stuff@merde.dis.org>
Subject: Buffer overflow with MS PWS

I don't know if this has ever been reported. I did check MS Technical
support but didn't find anything.

While goofing with MS Personal Web Server (pws32/2.0.2.1112) that came
packaged with FrontPage 97 and running under NT 3.51, I found that the
following URL will crash PWS.

http://PWS_Name/1234567890123456789012345678901234567890123456789012345678901234
56789012345678901234567890123456789012345678901234567890123456789012345678901234
567890123456789

Where PWS_Name is the domain name of the PWS server and the long string
is 159 chars.

I have no idea if it is exploitable beyond just crashing PWS. It bombs
out with an Exception: access violation as reported by Dr. Watson.

--
Gurney Halleck <gurneyh@ix.netcom.com> UIN:3268715
Visit my Web 'Zine: Little Albert ( http://www.littleal.pair.com )
For my pub key: http://pgp.ai.mit.edu:11371/pks/lookup?op=get&search=Gurney+Halleck
Key fingerprint = C7 D3 2F 1D 16 7F FC E4 A3 95 D7 AD C0 38 9D AC