Dailydave mailing list archives
MS_MSDTC movie goodness
From: Dave Aitel <dave () immunitysec com>
Date: Fri, 14 Oct 2005 15:08:43 -0400
http://www.immunitysec.com/CANVAS_DEMO/demos/msdtc.html (2 shells for the price of one!)
Someone pointed out to me in a private email that it is, of course, possible to worm MSDTC. But that's true for every exploit, and I think those mystic worm writers of the clouds really only write worms for things that work 100% of the time, and sometimes not even then. Worms are pretty rare, really.
As you can see from the movie, the exploit works fine, but ... unless there's a way to guess the VirtualAlloc return, this particular vulnerability is not what I would consider a worm writer's dream. But I could be wrong. Only the spyware people really know. 50% of the world's win2k boxes is 50% more than most people had last week, I guess.
The patch itself is, as my peeps tell me, basically SP5. So there's 100000000 other vulns all of which might be much easier to make 100%. COM+ is one of them...
-dave