>Well, it is the most widely supported default interface that is >vulnerable. It would be a very unusual machine that is vulnerable on >some other port and _NOT_ on 135, so what is the payoff for writing an >exploit (at least a "prrof of concept") that tries other ports?
Because 9 times out of 10 port 135 is blocked by some sort of firewall, whilst port 80 is not blocked on a web server. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
