Metasploit mailing list archives
Fw: MS08-067 Win2K3 German lang. support <<< Untrusted Mail >>>
From: christopher.riley at r-it.at (christopher.riley at r-it.at)
Date: Mon, 13 Apr 2009 01:07:09 +0200
Yep, I was only talking NO NX. As you said this won't bypass DEP.

Chris John Riley

----- Original Message -----
From: hdm
Sent: 12.04.2009 18:00 EST
To: framework at spool.metasploit.com
Subject: Re: [framework] Fw: MS08-067 Win2K3 German lang. support <<< Untrusted Mail >>>

On Mon, 2009-04-13 at 00:44 +0200, christopher.riley at r-it.at wrote:
> Just to add to the previous email. I've looked at the Win2K3 Universal exploit that uses CALL ESI in svchost.exe. Not sure why I didn't see this before. I've taken a look at the svchost.exe from sp2 (English and German); they both appear to have a CALL ESI at 0x01001173. If somebody with a 3rd language edition of Win2K3 sp2 could check this as well, it could be a suitable universal for sp2. The exploit seems to run fine using this address on the German edition.
I can check across all service packs later on -- but that return type will not bypass NX/DEP.

-HD