
Fun with WebDAV (MS08-007)

WebDAV is a set of extensions to the HTTP protocol that facilitate creation and editing. The WebDAV mini-redirector (the "WebClient" service) is a driver called mrxdav.sys that is responsible for handling WebDAV requests. With it, you can browse to a DAV directory within Windows Explorer and even map it to a drive letter. The MS08-007 bug is an integer overflow in the code that lists DAV directories. If a malicious server sends a filename greater than 65536 bytes, a heap overflow occurs. Since MS08-007 affects the driver itself, the bug crashes the kernel, resulting in a "BSoD".


Posted by HD Moore (2008-02-13 17:34:49)
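
The bug class described in the post, as an added example that is not code from the post or from mrxdav.sys: a length taken from the server is narrowed to a smaller integer before the buffer is sized, next to a hardened form that rejects oversized names. The 16-bit length field, the `dir_entry` structure and all function names are assumptions made for illustration; the post does not show the driver's internals.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical directory entry whose name length lives in 16 bits
 * (assumption; the post does not show the driver's structures). */
typedef struct {
    uint16_t name_len;  /* length in bytes */
    char *name;
} dir_entry;

/* Flawed pattern: the wire length is narrowed before sizing the buffer,
 * so 65537 becomes 1. Returns the size that would be allocated. */
size_t truncated_alloc_size(size_t wire_len) {
    return (uint16_t)wire_len;
}

/* Bytes a copy of wire_len bytes would write past that allocation. */
size_t overflow_bytes(size_t wire_len) {
    size_t alloc = truncated_alloc_size(wire_len);
    return wire_len > alloc ? wire_len - alloc : 0;
}

/* Hardened form: validate against the field's range before allocating,
 * then size the buffer and the copy from the same checked value. */
int entry_set_name(dir_entry *e, const char *src, size_t wire_len) {
    if (wire_len > UINT16_MAX)
        return -1;                      /* reject, never truncate */
    char *buf = malloc(wire_len + 1);
    if (buf == NULL)
        return -2;
    memcpy(buf, src, wire_len);
    buf[wire_len] = '\0';
    free(e->name);
    e->name = buf;
    e->name_len = (uint16_t)wire_len;
    return 0;
}

int main(void) {
    size_t lens[] = { 255, 65535, 65536, 65537, 70000 };  /* constructed */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("wire=%zu alloc=%zu overflow=%zu\n", lens[i],
               truncated_alloc_size(lens[i]), overflow_bytes(lens[i]));
    return 0;
}
```

The flawed helpers only compute sizes and never perform the out-of-bounds copy, so the program is safe to run as written.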