rpc_srvsvc_mmallocdos.rar

[scz <scz () nsfocus com>]

> Dave Aitel daveaitel at tmail.com 

> I'm guessing you send a large integer to function 0x30 in srvsvc via 
> \\browser, and xpsp2 falls to basically the same bug. I haven't had time 
> to test it yet though.

This is PoC from hume@nsfocus:

net use \\<target>\ipc$ "" /user:""
<this exe> -n <target> -x <0xb000000(size)>

That's all.