afaik this sploit only bypasses stuff like OverflowGuard or StackDefender. a patched system will not be vulnerable... Ran the manipulated code, never made it through..... The code equals the first rpc/dcom split codes... Spent some time with the code - as far as I can say it is no threat at all ;)
But if one knows better - I will be pleased to be teached better Rgds Thorsten > -----Urspr�ngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Im Auftrag von Stephen > Gesendet: Montag, 10. November 2003 21:31 > An: [EMAIL PROTECTED] > Betreff: Re: [Full-Disclosure] Windows RPC 4 ? [Exploit] > > > yes here is the .exe file (attached) > > compiled from the k-otik's source > http://www.k-otik.com/exploits/11.07.rpcexec.c.php > > and some offsets added by the othor ... > > > > --- PhilZ wrote: > > It's not a new RPC hole :-) > > > > It's an exploit for MS03-039. > > > __________________________________ > Do you Yahoo!? > Protect your identity with Yahoo! Mail AddressGuard > http://antispam.yahoo.com/whatsnewfree > > > __________________________________ > Do you Yahoo!? > Protect your identity with Yahoo! Mail AddressGuard > http://antispam.yahoo.com/whatsnewfree > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
