module
Novell Messenger Server 2.0 Accept-Language Overflow
| Disclosed | Created |
|---|---|
| Apr 13, 2006 | May 30, 2018 |
Disclosed
Apr 13, 2006
Created
May 30, 2018
Description
This module exploits a stack buffer overflow in Novell GroupWise
Messenger Server v2.0. This flaw is triggered by any HTTP
request with an Accept-Language header greater than 16 bytes.
To overwrite the return address on the stack, we must first
pass a memcpy() operation that uses pointers we supply. Due to the
large list of restricted characters and the limitations of the current
encoder modules, very few payloads are usable.
Messenger Server v2.0. This flaw is triggered by any HTTP
request with an Accept-Language header greater than 16 bytes.
To overwrite the return address on the stack, we must first
pass a memcpy() operation that uses pointers we supply. Due to the
large list of restricted characters and the limitations of the current
encoder modules, very few payloads are usable.
Author
hdm x@hdm.io
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.