Vendor: Unknown
By: Winny Thomas
CVSS: 7.5 (HIGH)
CWE: Buffer Overflow (Unknown)
Product Name: Unknown
Affected Version From: Helix server v11.0.1
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Platforms Tested: Windows 2000 server SP4
Remote exploit for the vulnerability in Helix server v11.0.1
The exploit spawns a shell on TCP port 4444 and connects to it. At the time of the overflow we control EAX, which is then used in a call at 00420C64: call dword ptr [eax + 4]. ECX points into our buffer at the time of the overflow. So if we can craft a DWORD that points to an address which translates to call dword ptr [ecx + xx], and place a pointer to our shellcode at that location, then our shellcode executes. This exploit uses a hardcoded address that worked fine on Windows 2000 Server SP4 machines. Credit for discovery and the PoC goes to Evgeny Legerov.
Mitigation:
Unknown