Re: Windows 2000 .printer remote overflow proof of concept exploit....

[Joshua Dodds <jdodds () bevelander nl>]

> It's out there. I've seen logs indicating the attacker put a "root.exe" file
> on the IIS5 host and then were able to issue a command to run this file via
> the overflow. I don't have any more specific information on the contents of
> the root.exe file or the exact script used, etc. at this time.

root.exe is just cmd.exe copied to root.exe!  doh!

-jd