lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <AANLkTinvmPbnhc8rhUxyfIjbo--AP6nnUDJMoyc5z94O@mail.gmail.com>
Date: Tue, 6 Jul 2010 15:30:05 -0400
From: musnt live <musntlive@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: MusntLive releases serious Microsoft MS SQL
	advisory

Free Travis!

-----------------------

0:000> lmvm axscphst
start    end        module name
41330000 4133f000   axscphst   (deferred)
    Image path: G:\MusntLiveLabs\Program Files\Microsoft SQL
Server\80\Tools\Binn\axscphst.DLL
    Image name: axscphst.DLL
    Timestamp:        Sun Aug 06 04:50:24 2000 (398D26D0)
    CheckSum:         000132F2
    ImageSize:        0000F000
    File version:     2000.80.194.0
    Product version:  8.0.1.94
    File flags:       0 (Mask 3F)
    File OS:          40000 NT Base
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04e4
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft SQL Server
    InternalName:     AxScriptHost70
    OriginalFilename: AxScriptHost70.DLL
    ProductVersion:   8.00.194
    FileVersion:      2000.080.0194.00
    FileDescription:  AxScriptHost70 - Active Scripting Host for SQL
    LegalCopyright:   © 1988-2000 Microsoft Corp. All rights reserved.
    LegalTrademarks:  Microsoft® is a registered trademark of
Microsoft Corporation. Windows(TM) is a trademark of Microsoft
Corporation
    Comments:         NT INTEL X86
0:000> !exploitable -v
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0xXXXXXX
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Data Execution Protection (DEP) Violation

Exception Hash (Major/Minor): 0xXXXXXXXX.0xXXXXXXXX

no freebies

Instruction Address: 0x0000000000xxxxxx

Description: Data Execution Prevention Violation
Short Description: DEPViolation
Exploitability Classification: EXPLOITABLE

-----------------------

Up for sale to highest bidder (serious replies only) 6 0-day PoC's in MS SQL

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ