| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: toddtowles at brookshires.com (Todd Towles) Subject: MS04-028 Shell Exploit[Scanned] FYI, Symantec uses the Bloodhound name on heuristic detection. Therefore IMHO, this detection can work but shouldn't be trusted as protection, just yet. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Andy Silva Sent: Thursday, September 23, 2004 8:16 AM To: Adam@...ckwave.systems.pipex.net Cc: Mailing List - Full-Disclosure; Mailing List - Patch Management Subject: Re: [Full-Disclosure] MS04-028 Shell Exploit[Scanned] Well, on my WinXP SP1 machine, the shellcode will not excecute when displayed in a web browser (firefox PR1 and IE 6 SP1). It will however excecute when windows opens the folder that it's in (trying to make a thumbnail i would assume.) A few seconds after the command window opens, explorer crashes. (un)Fortunately none of the email accounts that I had up and running let the attatchment through... they thought it was Bloodhound.Exploit.13. I didn't have enough time to try anything fancy immediately before i left work so I left it at that. I wonder if this could potentially turn into an email worm. -andy Todd Towles wrote: >MS04-028 Exploit > >Launches local cmd.exe (not port bound) > >http://www.k-otik.com/exploits/09222004.ms04-28-cmd.c.php > > >-----Original Message----- >From: full-disclosure-admin@...ts.netsys.com >[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Josh L. >Perrymon >Sent: Wednesday, September 22, 2004 1:48 PM >To: full-disclosure@...ts.netsys.com >Subject: [Full-Disclosure] New GDI exploit > >Game over... > >So the exploit is out that will open a local command prompt on the >machine exploiting the GDI library.. > >This thing allows 2500 bytes of shellcode.. > >How long before this turns nasty? > >Seems easy to me to make it reverse shell... > > >-------- > >The problem I have is patching with SMS. MBSA won't pickup the needed >patched in SMS so you have to push out to all machines in a container >for a certain software type- > >IE >XP >VIsio > > >blah blah so on.... > >------------ > >The cycle continues.. > >JP > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > --- To unsubscribe send a blank email to leave-patchmanagement@...chmanagement.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html --- To unsubscribe send a blank email to leave-patchmanagement@...chmanagement.org
Powered by blists - more mailing lists