Ah, you refer to this one. "The first vulnerability specifically exists in the handling of a long username to the LOGIN command. A long username argument of approximately 2,000 bytes will cause a stack based unicode string buffer overflow providing the attacker with partial control over EIP. As this vulnerability is in the LOGIN command itself, valid credentials are not required."
Later it reads "The second vulnerability also exists in the handling of the LOGIN command username argument, however it lends itself to easier exploitation." I guess I shouldn't have trusted this statement :) Perhaps I'll take a look at this one next, or just use your CANVAS example :)

Cheers
nolimit
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
