Message-ID: <9E97F0997FB84D42B221B9FB203EFA2717144D@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: MS04-028 Shell Exploit[Scanned]

FYI, Symantec uses the Bloodhound name on heuristic detection. Therefore
IMHO, this detection can work but shouldn't be trusted as protection,
just yet.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Andy Silva
Sent: Thursday, September 23, 2004 8:16 AM
To: Adam@...ckwave.systems.pipex.net
Cc: Mailing List - Full-Disclosure; Mailing List - Patch Management
Subject: Re: [Full-Disclosure] MS04-028 Shell Exploit[Scanned]

Well, on my WinXP SP1 machine, the shellcode will not execute when
displayed in a web browser (Firefox PR1 and IE 6 SP1).
It will however execute when Windows opens the folder that it's in
(trying to make a thumbnail I would assume.) A few seconds after the
command window opens, explorer crashes.
(un)Fortunately none of the email accounts that I had up and running let
the attachment through... they thought it was Bloodhound.Exploit.13.
I didn't have enough time to try anything fancy immediately before I
left work so I left it at that. I wonder if this could potentially turn
into an email worm.

-andy

Todd Towles wrote:

>MS04-028 Exploit
>
>Launches local cmd.exe (not port bound)
>
>http://www.k-otik.com/exploits/09222004.ms04-28-cmd.c.php
>
>
>-----Original Message-----
>From: full-disclosure-admin@...ts.netsys.com
>[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Josh L.
>Perrymon
>Sent: Wednesday, September 22, 2004 1:48 PM
>To: full-disclosure@...ts.netsys.com
>Subject: [Full-Disclosure] New GDI exploit
>
>Game over...
>
>So the exploit is out that will open a local command prompt on the
>machine exploiting the GDI library..
>
>This thing allows 2500 bytes of shellcode..
>
>How long before this turns nasty?
>
>Seems easy to me to make it reverse shell...
>
>
>--------
>
>The problem I have is patching with SMS. MBSA won't pick up the needed
>patches in SMS so you have to push out to all machines in a container
>for a certain software type-
>
>IE
>XP
>Visio
>
>
>blah blah so on....
>
>------------
>
>The cycle continues..
>
>JP
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>

