Dailydave mailing list archives
Re: ms04-031 pre-auth ??
From: Dave Aitel <dave () immunitysec com>
Date: Mon, 18 Oct 2004 13:05:10 -0400
Matt Hargett wrote:
Sinan Eren wrote:http://www.microsoft.com/technet/security/bulletin/ms04-031.mspxWe have located the vulnerable function and just recently wrote the CANVAS module for it but all our tests showed that the NetDDE vulnerability can not be exploited with a NULL session a.k.a with "Anonymous Logon" credentials.Can you share the function name/location, perchance? :) I'm curious what the bug looks like.
You need to make those new VC's cough up $995! Then, not only do you get the function name, but you get a nice exploit with all of our internal documentation. We even include a GUI! And, for bonus fun, it won't be caught by Snort if you move the covertness bar to the right hand side. :>
Dave Aitel VP Marketing Immunity, Inc. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ms04-031 pre-auth ?? Sinan Eren (Oct 18)
- Re: ms04-031 pre-auth ?? Matt Hargett (Oct 18)
- Re: ms04-031 pre-auth ?? Dave Aitel (Oct 18)
- Re: ms04-031 pre-auth ?? Sinan Eren (Dec 29)
- Re: ms04-031 pre-auth ?? Matt Hargett (Oct 18)