|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] MSRPC vulnerability 1 billion and six?
From: Dave Aitel (daveaitel
tmail.com)
Date: Thu Nov 17 2005 - 13:40:58 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
There's still endpoints you can connect to by default. For example my
userenum tool works remotely against sp2 just fine.
I'm guessing you send a large integer to function 0x30 in srvsvc via
\\browser, and xpsp2 falls to basically the same bug. I haven't had time
to test it yet though.
-dave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]