Dailydave mailing list archives

MS_MSDTC movie goodness


From: Dave Aitel <dave () immunitysec com>
Date: Fri, 14 Oct 2005 15:08:43 -0400

http://www.immunitysec.com/CANVAS_DEMO/demos/msdtc.html (2 shells for the price of one!)

Someone pointed out to me in a private email that it is, of course, possible to worm MSDTC. But that's true for every exploit, and I think those mystic worm writers of the clouds really only write worms for things that work 100% of the time, and sometimes not even then. Worms are pretty rare, really.

As you can see from the movie, the exploit works fine, but ... unless there's a way to guess the VirtualAlloc return, this particular vulnerability is not what I would consider a worm writer's dream. But I could be wrong. Only the spyware people really know. 50% of the world's win2k boxes is 50% more than most people had last week, I guess.

The patch itself is, as my peeps tell me, basically SP5. So there's 100000000 other vulns all of which might be much easier to make 100%. COM+ is one of them...

-dave

