Metasploit mailing list archives

ms06-040 ETA?


From: rhyskidd at gmail.com (Rhys Kidd)
Date: Thu, 10 Aug 2006 09:27:08 +0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Give HD and the other devs the time they need to get it working reliably :)

Although I haven't played with this bug, I'd assume the exploit will be a
bit different to the usual win32 ones, as it almost certainly overflows in
kernel space, and will require a new payload once EIP is controlled. 

Although there have been a few papers on kernel shellcode, notably from
eEye's Barnaby Jack, there hasn't been much further public demonstration of
kernel space exploitation techniques.

Should be interesting! 



- -----Original Message-----
From: dajackman [mailto:robby.lists at gmail.com] 
Sent: Thursday, 10 August 2006 2:58 AM
To: framework at metasploit.com
Subject: Re: [framework] ms06-040 ETA?

We are more than willing to test what you have :)

On 8/9/06, H D Moore <hdm at metasploit.com> wrote:
Late tonight or tomorrow, depending on free time. The current code is 
only reliable on Windows 2000, XP/2003 will need a bit more work.

-HD

On Wednesday 09 August 2006 13:43, Exibar wrote:
Any speculation when ms06-040 will be part of the framework?  It's 
just too juicy not to wanna play with :-)

  thanks!
  Exibar

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)

iD8DBQFE2ots7oK/a/NHBvIRArxlAJ9t1C2I2FzGpb4k3F5dQj8bpXlcxgCg0qfO
hJ8SqoRuq6EM2KA06N5Kqlc=
=A637
-----END PGP SIGNATURE-----
