Full Disclosure mailing list archives
MusntLive releases serious Microsoft MS SQL advisory
From: musnt live <musntlive () gmail com>
Date: Tue, 6 Jul 2010 15:30:05 -0400
Free Travis!

-----------------------
0:000> lmvm axscphst
start    end        module name
41330000 4133f000   axscphst   (deferred)
    Image path: G:\MusntLiveLabs\Program Files\Microsoft SQL Server\80\Tools\Binn\axscphst.DLL
    Image name: axscphst.DLL
    Timestamp: Sun Aug 06 04:50:24 2000 (398D26D0)
    CheckSum: 000132F2
    ImageSize: 0000F000
    File version: 2000.80.194.0
    Product version: 8.0.1.94
    File flags: 0 (Mask 3F)
    File OS: 40000 NT Base
    File type: 1.0 App
    File date: 00000000.00000000
    Translations: 0409.04e4
    CompanyName: Microsoft Corporation
    ProductName: Microsoft SQL Server
    InternalName: AxScriptHost70
    OriginalFilename: AxScriptHost70.DLL
    ProductVersion: 8.00.194
    FileVersion: 2000.080.0194.00
    FileDescription: AxScriptHost70 - Active Scripting Host for SQL
    LegalCopyright: © 1988-2000 Microsoft Corp. All rights reserved.
    LegalTrademarks: Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
    Comments: NT INTEL X86

0:000> !exploitable -v
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0xXXXXXX
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Data Execution Protection (DEP) Violation

Exception Hash (Major/Minor): 0xXXXXXXXX.0xXXXXXXXX no freebies
Instruction Address: 0x0000000000xxxxxx

Description: Data Execution Prevention Violation
Short Description: DEPViolation
Exploitability Classification: EXPLOITABLE
-----------------------

Up for sale to highest bidder (serious replies only)
6 0-day PoC's in MS SQL

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/