I was looking for a Nessus plugin for this vulnerability (MDAC buffer overflow) and I saw the one by Renaud Deraison, but it runs against the dll itself through port 80, which is fine for scanning web servers, but most clients won't have port 80 open and their problem comes from establishing a connection to a malicious server, not having someone else request the connection. Are there any others I might have missed that will run against clients (or both) instead of servers?
Robert Alvey
Code 19, Apprentice
(360) 315-3159
A+ Certified, CFOI
