Fw: MS08-067 Win2K3 German lang. support <<< Untrusted Mail >>>

[hdm at metasploit.com (hdm)]

On Mon, 2009-04-13 at 00:44 +0200, christopher.riley at r-it.at wrote:
> Just to add to the previous email. I've looked at the Win2K3 Universal
> exploit that uses CALL ESI in svchost.exe. Not sure why I didn't see
> this before. I've taken a look at the svchost.exe from sp2 (English
> and German) they both appear to have a CALL ESI at 0x01001173. If
> somebody with a 3rd language edition of Win2K3 sp2 could check this as
> well it could be a suitable universal for sp2. The exploit seems to
> run fine using this address on the German edition. 


I can check across all service packs later on -- but that return type
will not bypass NX/DEP.

-HD