Overview =============== DartWebserver.Dll is an HTTP server provided by Dart Comunications (dart.com). It is distributed in their PowerTCP/Webserver For ActiveX product and likely other similar products. "Build web applications in any familiar software development environment. Use WebServer for ActiveX to add web-based access to traditional compiled applications." Version 1.9.2 and prior is vulnerable to a null pointer dereference, these maybe generated by making a malformed request to the server. Analysis =============== During the processing of incoming HTTP requests the server may process malformed requests leading to the a null pointer dereference, this causes an exception which is not handled and the parent process crashes. This will lead to a Denial of Service (DoS) condition. To my knowledge this bug can *not* be used to gain access to any other CPU registers. The malformed packet of the format: GET / HTTP/1.1\nContent-Length:-1\n\n The reliability of this bug is low, requiring upwards of several hundred requests to be processed before causing the exception. This may be system specific, relying heavily on the host operating system's pre-existing condition. So, if at first you do not succeed in replicating this bug - try and try again. Timeline =============== 10/15/2012 - Contacted vendor with an incident report. 10/15/2012 - Contacted Mitre for CVE assignment 10/17/2012 - CVE-ID Assigned 10/18/2012 - Contacted vendor with assigned CVE-ID 10/19/2012 - Vendor replied with questions about the incident report and vulnerability 10/19/2012 - Incident report found, vulnerability details clarified 10/30/2012 - Vendor contacted researcher with an update of the status of the bug report, indicating they do not have time to investigate the cause of the vulnerability. 04/08/2013 - Public disclosure to Bugtraq. More information =============== To see more of my work and research, stop by to visit and follow my blog: http://sadgeeksinsnow.blogspot.com/