no one is safe ...

Advisory: Webby - Buffer overflow vulnerability with overwritten structured exception handler (SEH) - [3rd Update: 12.06.2010]

---------------------------------------------
Webby Webserver v1.01
- Buffer overflow vulnerability with overwritten structured exception handler (SEH)
Date: 25.05.2010
---------------------------------------------

- Description

Webby is a small webserver for the windows operating system.

- Buffer overflow vulnerability

The vulnerability can be triggered by sending a specially crafted HTTP GET request. Payload of the attached POC overwrites the SEH with NOPs.

- Solution

No known solution available.
No contact details of the author found.

- Credits

The vulnerability was discovered by Michael Messner from Integralis
devnull#at#s3cur1ty#dot#de

- Timeline

25.05.2010 - Vulnerability discovered

- Reference

Download vulnerable software:
http://www.shareware.de/webby-webserver/

- Screenshots

Update:

AttachmentSize
advisory-webby.txt1.62 KB