Re: [Dailydave] SPIKE actually scores.
pageexec freemail.hu
Date: Thu Jul 14 2005 - 17:04:45 CDT
On 14 Jul 2005 at 13:43, Dave Aitel wrote:
> pageexec freemail.hu wrote:
> >rdpwd.sys from XPSP2? ;-)
> >
> Ah, that'd make sense. RDP would pass through the firewall since it
> would need to be used for the remote helper service.
i think this is the driver in question indeed. the bug is at
a 'mov cl,[eax+1]' where eax apparently pointed to an invalid
address. given that this is inside a 4kB long function (the
calltree is:
    ShareClass::CompressV2Int24
    ShareClass::CompressV2Int32
    ShareClass::BC_Compress
    ShareClass::BC_CompressBitmap
    ShareClass::SDGSendSDARectWorker
    ShareClass::SDGSendSDARect
    ShareClass::SDG_SendScreenDataArea
    ShareClass::UP_SendUpdates
    ShareClass::DCS_TimeToDoStuff
    _WD_Ioctl),
i can imagine there's more than a mere DoS in this. in any
case, next patch tuesday will probably come sooner than
they expected it ;-).
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave