Microsoft Windows XP/2000 - 'RunDLL32.exe' Local Buffer Overflow

EDB-ID:

22870

CVE:

N/A

Author:

Rick Patel

Type:

local

Platform:

Windows

Published:

2003-07-06

source: http://www.securityfocus.com/bid/8114/info

rundll32.exe has been reported prone to a buffer overflow vulnerability. The condition has been reported to be triggered when an excessive string is passed to the vulnerable application as a routine name for a module.

Exploitation of this issue may be hindered, due to the fact that user-supplied data is converted to Unicode.

It should be noted that although this issue has been reported to affect rundll32.exe that is shipped with Windows XP SP1, other versions might also be affected.

rundll32.exe advpack32.dll,<'A'x499>