[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0EDAAACD0E80514C8C13035C7573D01B2775EA@majestix.FRANKFURT.KITCON.COM>
From: tmayr at kitcon.net (Thorsten Mayr)
Subject: AW: Windows RPC 4 ? [Exploit]
afaik this sploit only bypasses stuff like OverflowGuard or StackDefender.
a patched system will not be vulnerable... Ran the manipulated code, never made it through.....
The code equals the first rpc/dcom split codes...
Spent some time with the code - as far as I can say it is no threat at all ;)
But if one knows better - I will be pleased to be teached better
Rgds
Thorsten
> -----Urspr?ngliche Nachricht-----
> Von: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] Im Auftrag von Stephen
> Gesendet: Montag, 10. November 2003 21:31
> An: full-disclosure@...ts.netsys.com
> Betreff: Re: [Full-Disclosure] Windows RPC 4 ? [Exploit]
>
>
> yes here is the .exe file (attached)
>
> compiled from the k-otik's source
> http://www.k-otik.com/exploits/11.07.rpcexec.c.php
>
> and some offsets added by the othor ...
>
>
>
> --- PhilZ wrote:
> > It's not a new RPC hole :-)
> >
> > It's an exploit for MS03-039.
>
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
>
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
>
Powered by blists - more mailing lists