Re: [Framework] Is MQSVC Microsoft April Security Bulletin Exploit out in the Public??

[hdm at metasploit.com (H D Moore)]

This was an attempt at humor. The point was that if you want to see a new 
exploit added to the Metasploit Framework, feel free to write it yourself 
and send it in. The Framework was designed to be exploit development 
platform, not a GUI full of 0-day :-) If you want the GUI full of 0-day, 
there are a people[1] who will gladly provide that for a fee.

 The URL reference was not related to the subject, but is interesting for 
anyone who has tried to exploit the ASN1 heap overflow discovered by eEye 
last year. Solar Eclipse ended up using a completly different 
vulnerability to obtain reliable code execution (the Metasploit port will 
be pushed out in a couple hours).

-HD

1a. http://www.corest.com/
1b. http://www.immunitysec.com/

On Wednesday 10 December 2003 20:26, vajira ganepola wrote:
> Hello Everyone,
>
> cnsl was refering to MS05-17, But one HD posted was for MS04-07. Can
> anyone explain
>
>
> Vajira
>
> ----- Original Message -----
> From: "H D Moore" <hdm at metasploit.com>
> To: <framework at metasploit.com>
> Sent: Wednesday, April 20, 2005 2:16 PM
> Subject: [framework] Re: [Framework] Is MQSVC Microsoft April Security
> Bulletin Exploit out in the Public??
>
> > Awesome, I look forward to seeing your submission.
> >
> > -HD
> >
> > PS.
> > http://www.phreedom.org/solar/exploits/msasn1-bitstring/index.html
> >
> > On Wednesday 20 April 2005 16:31, cnsl wrote:
> > > Is Microsoft Security Bulletin (MS05-017) out there in the public?
> > > Webcast saids no public exploits but Immunity CANVAS has they've
> > > got exploit already in CANVAS. I think its time to get into
> > > metasploit too!
> > >
> > > With Regards.
> > >
> > > Phyo.