Metasploit mailing list archives
Fw: MS08-067 Win2K3 German lang. support <<< Untrusted Mail >>>
From: hdm at metasploit.com (hdm)
Date: Sun, 12 Apr 2009 18:00:52 -0500
On Mon, 2009-04-13 at 00:44 +0200, christopher.riley at r-it.at wrote:
> Just to add to the previous email. I've looked at the Win2K3 Universal exploit that uses CALL ESI in svchost.exe. Not sure why I didn't see this before. I've taken a look at the svchost.exe from sp2 (English and German); they both appear to have a CALL ESI at 0x01001173. If somebody with a 3rd language edition of Win2K3 sp2 could check this as well, it could be a suitable universal for sp2. The exploit seems to run fine using this address on the German edition.
I can check across all service packs later on -- but that return type will not bypass NX/DEP.
-HD