Dailydave mailing list archives

Re: MSRPC vulnerability 1 billion and six?


From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Thu, 17 Nov 2005 08:11:42 -0600

This bug is much wider scoped than most people realize; a friend of mine 
found it when writing his muddle implementation a few months ago. You can 
trigger it about 12 different ways on Win2000 and at least 2 different 
ways on XP. The bug itself is pretty silly (oh noes! arbitrary malloc!), 
but you can use it to exploit out-of-memory conditions in other services. 

On Windows XP SP2, one of the vectors is a function in the "Server" 
service, accessible via the \BROWSER pipe.

-HD

On Thursday 17 November 2005 06:29, Dave Aitel wrote:
I have to assume it's just "connect to a service, send it a lot of
data". I don't see why that wouldn't work against SP2. You can connect
to services and send lots of data on SP2 as well.

Of course, it's irresponsible of Microsoft to not offer more
information on what the vulnerability is, so that customers can be
informed and protect themselves. Does anyone have the code itself so
all the various IPS/IDS teams out there can provide solutions, and the
free software community can devise free solutions?
