An authenticated user can cause a denial of service in the *Sysax Multi Server v6.90* application by crafting an abnormally long filename in the *uploadfilename1.htm* form. The form allows for the filename="" parameter to have a length of 367 bytes, a filename longer than this length will cause the application to crash. The 4 bytes after the 367 byte buffer will overwrite the first 4 bytes of EBX.
CPU State before crash:
CPU state at crash: