Metasploit mailing list archives
Re: ms08-067 and Windows XP x64 English SP2 target
From: HD Moore <hdm () metasploit com>
Date: Sat, 13 Nov 2010 12:04:53 -0600
On 11/13/2010 5:42 AM, Florian Roth wrote:
I have been recently confronted with a Windows XP 64bit system showing several newer vulnerabilities like the MS08-067 Server Service problem and a more recent DoS vulnerability. It tried to exploit the vulnerability and noticed that there was no target specification for any kind of 64bit system at all. Is 64bit as target system completely out of scope regarding the ms08-067 module? Ist there a way to figure out the memory location that needs to be patched for successful exploitation? (a plain description, a tutorial or hints)
Its usually more complicated than this, often the 64-bit version of the vulnerable code is not exploitable, requires a different structure to exploit, or depends on ROP techniques. With that said, I only have sparse experience with exploiting 64-bit bugs on Windows, maybe someone else on the list has done more work around this specific bug. -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- ms08-067 and Windows XP x64 English SP2 target Florian Roth (Nov 13)
- Re: ms08-067 and Windows XP x64 English SP2 target HD Moore (Nov 13)