funsec mailing list archives

Re: exploiting MS08-021

From: RandallMan <randallm () fidmail com>
Date: Mon, 14 Apr 2008 19:53:54 -0500

============
Message: 5
Date: Mon, 14 Apr 2008 16:25:32 +0000
From: "Jon O." <jono () networkcommand com>
Subject: Re: [funsec] exploiting MS08-021
To: Paul Ferguson <fergdawg () netzero net>
Cc: funsec () linuxbox org
Message-ID: <20080414162532.GA74253 () biggins networkcommand com>
Content-Type: text/plain; charset=us-ascii




On Mon, Apr 14, 2008 at 09:57:43PM +0000, Paul Ferguson wrote:


There's more than just a PoC exploit available via milw0rm -- there
are active malicious exploits circulating in-the-wild on this since
last week.


[THIS IS ALL SPECULATION RIGHT NOW -- haven't been following any of these
patches, versions, etc.]

I haven't tested this at all, but I just reviewed the PoC and 2 minutes later
Google Desktop went down via Dr. Watson.
===========================

just my 2 cents worth but google has crashed on me a few times with
the temp folder indexing malware and such. So I suspect this to be
normal behavior if it get wacked.

-- 
RandallM
----------
It's been a wild ride for sure
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

exploiting MS08-021 Larry Seltzer (Apr 14)
- Re: exploiting MS08-021 Richard M. Smith (Apr 14)
  - Re: exploiting MS08-021 Larry Seltzer (Apr 14)
    - Re: exploiting MS08-021 Eric Sites (Apr 14)
  - Re: exploiting MS08-021 Florian Weimer (Apr 15)
- <Possible follow-ups>
- Re: exploiting MS08-021 Larry Seltzer (Apr 14)
- Re: exploiting MS08-021 Paul Ferguson (Apr 14)
- Re: exploiting MS08-021 RandallMan (Apr 14)