#######################################################################

                             Luigi Auriemma

Application:  Getware's built-in webserver
              http://www.getware.com
Versions:     WebCam Live <= 2.01
              Photohost   <= 4.0
Platforms:    Windows
Bug:          Denial of service
Exploitation: remote
Date:         19 Jan 2004
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


WebCam Live and Photohost are two shareware programs used to share
webcam streams and photo albums through the web.
The web functions are managed by a built-in webserver that is the same
in both programs.


#######################################################################

======
2) Bug
======


The bug is in the handling of the value of the Content-Length
parameter sent by the client to the built-in webserver.

If this value is negative (or greater than 2147483647, which is the
same) the webserver will show an "Out of memory" MessageBox but will
continue to run without problems.

The problems arrive after fewer than 300 of these errors (so 300
connections with the value -1), when the server crashes for good.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/wcamdos.zip


#######################################################################

======
4) Fix
======


No fix.
The vendor has not answered my bug reports.


#######################################################################
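
The Content-Length check whose absence section 2 describes, as an added example in C (not code from the advisory or from Getware): a strict parser that rejects negative and oversized values before any buffer is sized from them. The 8 MB limit, the function names and the signed 32-bit reading of the header are assumptions, the last one based on the advisory's remark that values above 2147483647 behave like negative ones.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed server policy limit for a request body (not from the advisory). */
#define MAX_BODY_BYTES (8u * 1024u * 1024u)

/* What a signed 32-bit reader sees for a header value taken modulo 2^32.
   Values above 2147483647 come out negative, just like a literal "-1". */
static int32_t seen_as_int32(uint32_t raw)
{
    if (raw <= (uint32_t)INT32_MAX)
        return (int32_t)raw;
    return (int32_t)((int64_t)raw - 4294967296LL);
}

/* Strict Content-Length parser: digits only, no sign, bounded by policy.
   Returns 0 and stores the length on success, -1 if the request must be
   rejected (for example with 400 or 413) before any buffer is allocated. */
static int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    while (*value == ' ' || *value == '\t')   /* optional leading whitespace */
        value++;
    if (!isdigit((unsigned char)*value))      /* rejects "", "-1", "+5" */
        return -1;
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE)                      /* does not fit in 64 bits */
        return -1;
    while (*end == ' ' || *end == '\t')       /* optional trailing whitespace */
        end++;
    if (*end != '\0')                         /* trailing junk such as "12abc" */
        return -1;
    if (n > MAX_BODY_BYTES)                   /* covers 2147483648 and above */
        return -1;
    *out = (size_t)n;
    return 0;
}
```

Because the length is kept unsigned and capped before use, neither a negative value nor one above 2147483647 ever reaches the allocator.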