This may not be a limitation if you can use the argument-skipping syntax in msvcrt (ie. %4000$x).
-HD On Friday 16 December 2005 08:32, FistFucker wrote: >I don't think it's > exploitable because the user controlled string is >many thousand bytes away from the stack pointer and you can only send 512 >bytes to the SMTP daemon. [snip] > If someone was able to exploit this, I would be interested in exploit > code or an explanation to learn from him. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
