Full Disclosure mailing list archives

RE: EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II

From: Jeff.Urnaza () averydennison com
Date: Wed, 10 Sep 2003 16:05:02 -0700


Yes, the correct version is now available on eEye's site.



                                                                                                                        
  
                      "Chris DeVoney"                                                                                   
  
                      <cdevoney@u.washi        To:       <Jeff.Urnaza () averydennison com>, "'Full-Disclosure'"        
     
                      ngton.edu>                <full-disclosure () lists netsys com>                                   
     
                                               cc:                                                                      
  
                      09/10/2003 03:36         Subject:  RE: [Full-disclosure] EEYE: Microsoft RPC Heap Corruption      
  
                      PM                        Vulnerability - Part II                                                 
  
                                                                                                                        
  
                                                                                                                        
  




On Wednesday, September 10, 2003 1:26 PM, Jeff.Urnaza () averydennison com
wrote:

The version number in eEye's supposed *new* scanner is the
same version number  as the one they release for the previous
RPC exploit, v1.0.4.


Pardon my interuption, but the version I downloaded about noon-ish PDT has
version 1.1.0 in both its Help-About and its file properties. It does
report
vulnerabilities to MS03-026 and -039.


cdv

------------------------
Chris DeVoney
Clinical Research Center Informatics
University of Washington
cdevoney () u washington edu
206-598-6816
------------------------







-----------------------------------------
The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or
privileged material. Any review, retransmission, dissemination or
other use of, or taking of any action in reliance upon, this
information by persons or entities other than the intended recipient
is prohibited. If you received this in error, please contact the
sender and delete the material from any computer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II Marc Maiffret (Sep 10)
- <Possible follow-ups>
- Re: EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II Jeff . Urnaza (Sep 10)
  - RE: EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II Chris DeVoney (Sep 10)
    - MS03-039 - Exploit ... Elv1S (Sep 10)
    - MS03-039 - Exploit ... Elv1S (Sep 10)
  - RE: EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II Marc Maiffret (Sep 10)
- RE: EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II Jeff . Urnaza (Sep 10)