[Dailydave] MS_MSDTC movie goodness

From: Dave Aitel (daveimmunitysec.com)
Date: Fri Oct 14 2005 - 14:08:43 CDT


http://www.immunitysec.com/CANVAS_DEMO/demos/msdtc.html (2 shells for
the price of one!)

Someone pointed out to me in a private email that it is, of course,
possible to worm MSDTC. But that's true for every exploit, and I think
those mystic worm writers of the clouds really only write worms for
things that work 100% of the time, and sometimes not even then. Worms
are pretty rare, really.

As you can see from the movie, the exploit works fine, but ... unless
there's a way to guess the VirtualAlloc return, this particular
vulnerability is not what I would consider a worm writer's dream. But I
could be wrong. Only the spyware people really know. 50% of the world's
win2k boxes is 50% more than most people had last week, I guess.

The patch itself is, as my peeps tell me, basically SP5. So there's
100000000 other vulns all of which might be much easier to make 100%.
COM+ is one of them...

-dave