Dailydave mailing list archives
Re: MSRPC vulnerability 1 billion and six?
From: Dave Aitel <daveaitel () tmail com>
Date: Thu, 17 Nov 2005 14:40:58 -0500
There's still endpoints you can connect to by default. For example my userenum tool works remotely against sp2 just fine.
I'm guessing you send a large integer to function 0x30 in srvsvc via \\browser, and xpsp2 falls to basically the same bug. I haven't had time to test it yet though.
-dave
Current thread:
- Re: MSRPC vulnerability 1 billion and six?, (continued)
- Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? halvar (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Thomas Lakofski (Nov 20)
- Re: MSRPC vulnerability 1 billion and six? Blue Boar (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? H D Moore (Nov 17)
- Re: MSRPC vulnerability 1 billion and six? Dave Aitel (Nov 17)