Dailydave mailing list archives
rpc_srvsvc_mmallocdos.rar
From: scz <scz () nsfocus com>
Date: Wed, 23 Nov 2005 11:16:33 +0800
Dave Aitel daveaitel at tmail.com
I'm guessing you send a large integer to function 0x30 in srvsvc via \\browser, and xpsp2 falls to basically the same bug. I haven't had time to test it yet though.
This is PoC from hume@nsfocus: net use \\<target>\ipc$ "" /user:"" <this exe> -n <target> -x <0xb000000(size)> That's all.
Current thread:
- rpc_srvsvc_mmallocdos.rar scz (Nov 22)
- Re: rpc_srvsvc_mmallocdos.rar Dave Aitel (Nov 23)
- Re: rpc_srvsvc_mmallocdos.rar scz (Nov 23)
- Re: rpc_srvsvc_mmallocdos.rar Dave Aitel (Nov 23)