Full Disclosure mailing list archives

MusntLive releases serious Microsoft MS SQL advisory


From: musnt live <musntlive () gmail com>
Date: Tue, 6 Jul 2010 15:30:05 -0400

Free Travis!

-----------------------

0:000> lmvm axscphst
start    end        module name
41330000 4133f000   axscphst   (deferred)
    Image path: G:\MusntLiveLabs\Program Files\Microsoft SQL Server\80\Tools\Binn\axscphst.DLL
    Image name: axscphst.DLL
    Timestamp:        Sun Aug 06 04:50:24 2000 (398D26D0)
    CheckSum:         000132F2
    ImageSize:        0000F000
    File version:     2000.80.194.0
    Product version:  8.0.1.94
    File flags:       0 (Mask 3F)
    File OS:          40000 NT Base
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04e4
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft SQL Server
    InternalName:     AxScriptHost70
    OriginalFilename: AxScriptHost70.DLL
    ProductVersion:   8.00.194
    FileVersion:      2000.080.0194.00
    FileDescription:  AxScriptHost70 - Active Scripting Host for SQL
    LegalCopyright:   © 1988-2000 Microsoft Corp. All rights reserved.
    LegalTrademarks:  Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation
    Comments:         NT INTEL X86
0:000> !exploitable -v
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0xXXXXXX
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Data Execution Protection (DEP) Violation

Exception Hash (Major/Minor): 0xXXXXXXXX.0xXXXXXXXX

no freebies

Instruction Address: 0x0000000000xxxxxx

Description: Data Execution Prevention Violation
Short Description: DEPViolation
Exploitability Classification: EXPLOITABLE

-----------------------

Up for sale to highest bidder (serious replies only) 6 0-day PoC's in MS SQL

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

