AW: Windows RPC 4 ? [Exploit]

["Thorsten Mayr" <tmayr () kitcon net>]

afaik this sploit only bypasses stuff like OverflowGuard or StackDefender.
a patched system will not be vulnerable... Ran the manipulated code, never made it through.....
The code equals the first rpc/dcom split codes...
Spent some time with the code - as far as I can say it is no threat at all ;)

But if one knows better - I will be pleased to be teached better

Rgds
Thorsten




> -----Ursprüngliche Nachricht-----
> Von: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] Im Auftrag von Stephen
> Gesendet: Montag, 10. November 2003 21:31
> An: full-disclosure () lists netsys com
> Betreff: Re: [Full-Disclosure] Windows RPC 4 ? [Exploit]
>
>
> yes here is the .exe file (attached) 
>
> compiled from the k-otik's source 
> http://www.k-otik.com/exploits/11.07.rpcexec.c.php
>
> and some offsets added by the othor ...
>
>
>
> --- PhilZ  wrote:
> > It's not a new RPC hole :-)
> >
> > It's an exploit for MS03-039.
>
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard 
> http://antispam.yahoo.com/whatsnewfree
>
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard 
> http://antispam.yahoo.com/whatsnewfree

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html