Re: rpc_srvsvc_mmallocdos.rar

[scz <scz () nsfocus com>]

> Dave Aitel <dave () immunitysec com> wrote:
>
> scz wrote:
> > > Dave Aitel daveaitel at tmail.com 
> > >     
> >
> >   
> > > I'm guessing you send a large integer to function 0x30 in srvsvc via 
> > > \\browser, and xpsp2 falls to basically the same bug. I haven't had time 
> > > to test it yet though.
> > >     
> >
> > This is PoC from hume@nsfocus:
> >
> > net use \\<target>\ipc$ "" /user:""
> > <this exe> -n <target> -x <0xb000000(size)>
> >
> > That's all.
> >   
> Looks good - I've found a sorta logarithmic stepdown on the memory works 
> best...
>
> Are you making <this exe> public? :>
> -dave

I attached the rar to the first Email, but your list reject it. Now get
it from

http://www.opencjk.org/~scz/rpc_srvsvc_mmallocdos.rar

I'll delete it after one week.

By the way, FC_HARD_STRUCTURE should be FC_LGVARRAY, look MSDN.
No matter how, you do a great work.

scz <scz () nsfocus com> 2005-11-24 9:16:54

----