[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AW: [Full-Disclosure] Windows RPC 4 ? [Exploit]
- To: <full-disclosure@lists.netsys.com>
- Subject: AW: [Full-Disclosure] Windows RPC 4 ? [Exploit]
- From: "Thorsten Mayr" <tmayr@kitcon.net>
- Date: Mon, 10 Nov 2003 22:12:24 +0100
afaik this sploit only bypasses stuff like OverflowGuard or StackDefender.
a patched system will not be vulnerable... Ran the manipulated code, never made
it through.....
The code equals the first rpc/dcom split codes...
Spent some time with the code - as far as I can say it is no threat at all ;)
But if one knows better - I will be pleased to be teached better
Rgds
Thorsten
> -----Ursprüngliche Nachricht-----
> Von: full-disclosure-admin@lists.netsys.com
> [mailto:full-disclosure-admin@lists.netsys.com] Im Auftrag von Stephen
> Gesendet: Montag, 10. November 2003 21:31
> An: full-disclosure@lists.netsys.com
> Betreff: Re: [Full-Disclosure] Windows RPC 4 ? [Exploit]
>
>
> yes here is the .exe file (attached)
>
> compiled from the k-otik's source
> http://www.k-otik.com/exploits/11.07.rpcexec.c.php
>
> and some offsets added by the othor ...
>
>
>
> --- PhilZ wrote:
> > It's not a new RPC hole :-)
> >
> > It's an exploit for MS03-039.
>
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
>
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html