Question
MS03-49 is a stack based buffer overflow, as described in the articles below. I have also included a description of the blaster exploit, which was also a stack based overflow.

"We found some RPC functions which will accept a long string as a parameter, and will attempt to write it to the debug log file. If we specify a long string as a parameter to these RPC functions, a stack-based buffer overflow will happen in the Workstation service on the remote system. Attackers who successfully leverage this vulnerability will be executing code under the SYSTEM context of the remote host." credit Yuji Ukai http://www.eeye.com/html/Research/Advisories/AD20031111.html analysis of MS03-49

"This is a stack buffer overflow vulnerability that exists in an integral component of any modern Windows operating system, an RPC interface implementing Distributed Component Object Model services (DCOM). In a result of implementation error in a function responsible for instantiation of DCOM objects, remote attackers can obtain remote access to vulnerable systems." credit http://lsd-pl.net/special.html (blaster exploit)

However, the buffer overflow patched by MS03-039 was heap based.

I remember reading in this list that a stack based overflow would be more "easily"/"effectively"/"automatically" exploited than a heap based one. Taking this into account, could we summarise that this latest overflow poses a similar threat as the first RPC DCOM overflow?
Thanks
RF
