Metasploit mailing list archives

Fw: MS08-067 Win2K3 German lang. support <<< Untrusted Mail >>>


From: christopher.riley at r-it.at (christopher.riley at r-it.at)
Date: Mon, 13 Apr 2009 01:07:09 +0200

Yep, I was only talking NO NX. As you said this won't bypass DEP.

Chris John Riley


----- Original Message -----
From: hdm
Sent: 12.04.2009 18:00 EST
To: framework at spool.metasploit.com
Subject: Re: [framework] Fw: MS08-067 Win2K3 German lang. support <<< Untrusted Mail >>>



On Mon, 2009-04-13 at 00:44 +0200, christopher.riley at r-it.at wrote:
> Just to add to the previous email. I've looked at the Win2K3 Universal
> exploit that uses CALL ESI in svchost.exe. Not sure why I didn't see
> this before. I've taken a look at the svchost.exe from sp2 (English
> and German); they both appear to have a CALL ESI at 0x01001173. If
> somebody with a 3rd language edition of Win2K3 sp2 could check this as
> well, it could be a suitable universal for sp2. The exploit seems to
> run fine using this address on the German edition.


I can check across all service packs later on -- but that return type
will not bypass NX/DEP.

-HD
