Dailydave mailing list archives
Re: rpc_srvsvc_mmallocdos.rar
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 23 Nov 2005 08:41:34 -0500
scz wrote:
Looks good - I've found a sorta logarithmic stepdown on the memory works best...Dave Aitel daveaitel at tmail.comI'm guessing you send a large integer to function 0x30 in srvsvc via \\browser, and xpsp2 falls to basically the same bug. I haven't had time to test it yet though.This is PoC from hume@nsfocus: net use \\<target>\ipc$ "" /user:"" <this exe> -n <target> -x <0xb000000(size)> That's all.
Are you making <this exe> public? :> -dave
Current thread:
- rpc_srvsvc_mmallocdos.rar scz (Nov 22)
- Re: rpc_srvsvc_mmallocdos.rar Dave Aitel (Nov 23)
- Re: rpc_srvsvc_mmallocdos.rar scz (Nov 23)
- Re: rpc_srvsvc_mmallocdos.rar Dave Aitel (Nov 23)