- Buffer overflow in AspUpload 1.4 -

There is a buffer overflow in AspUpload 1.4 from Persits Software. It's been verified on Windows 4.0 Server with IIS 3.0 and IIS 4.0. It's not unlikely that it also works on all previous versions of AspUpload. If you enter about 3800 characters or more in the filename box in your browser and click on the send button, AspUpload kills the inetinfo process on the server (that is, kills IIS).

[Home]  [Security Advisories]  [The Toolbox]  [The Trashcan]

© 1999, Arne Vidström