|
Vulnerability Website Affected Windows NT running Website Pro 2.4 Description Following is based on a Cerberus Information Security Advisory. The Cerberus Security Team has discovered a buffer overflow in O'Reilly's Website Pro 2.4. This overflow can be exploited by an attacker to execute arbitrary code. There are many ways to cause this overflow - for example with an overly long "GET" request or overly long "Referer" client header. The saved return address is overwritten gaining control of the httpd32.exe process. By overwriting the return address with an address in memory that contains the "call ebx" or jmp ebx" it is possible to land back in the user supplied buffer where exploit code would be placed. Solution O'Reilly were informed of this on 23rd of June 2000, and the issue has been fixed in the 2.5 release available at http://website.oreilly.com/support/software/wsp2x_updates.cfm