Message-ID: <AANLkTinvmPbnhc8rhUxyfIjbo--AP6nnUDJMoyc5z94O@mail.gmail.com>
Date: Tue, 6 Jul 2010 15:30:05 -0400
From: musnt live <musntlive@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: MusntLive releases serious Microsoft MS SQL advisory
Free Travis!
-----------------------
0:000> lmvm axscphst
start end module name
41330000 4133f000 axscphst (deferred)
Image path: G:\MusntLiveLabs\Program Files\Microsoft SQL Server\80\Tools\Binn\axscphst.DLL
Image name: axscphst.DLL
Timestamp: Sun Aug 06 04:50:24 2000 (398D26D0)
CheckSum: 000132F2
ImageSize: 0000F000
File version: 2000.80.194.0
Product version: 8.0.1.94
File flags: 0 (Mask 3F)
File OS: 40000 NT Base
File type: 1.0 App
File date: 00000000.00000000
Translations: 0409.04e4
CompanyName: Microsoft Corporation
ProductName: Microsoft SQL Server
InternalName: AxScriptHost70
OriginalFilename: AxScriptHost70.DLL
ProductVersion: 8.00.194
FileVersion: 2000.080.0194.00
FileDescription: AxScriptHost70 - Active Scripting Host for SQL
LegalCopyright: © 1988-2000 Microsoft Corp. All rights reserved.
LegalTrademarks: Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
Comments: NT INTEL X86
0:000> !exploitable -v
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0xXXXXXX
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Data Execution Protection (DEP) Violation
Exception Hash (Major/Minor): 0xXXXXXXXX.0xXXXXXXXX
no freebies
Instruction Address: 0x0000000000xxxxxx
Description: Data Execution Prevention Violation
Short Description: DEPViolation
Exploitability Classification: EXPLOITABLE
-----------------------
Up for sale to highest bidder (serious replies only): 6 0-day PoCs in MS SQL
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/