Re[2]: [Full-Disclosure] Proof of concept for Windows Messenger Service overflow
- To: "Paul Tinsley" <pdt@jackhammer.org>
- Subject: Re[2]: [Full-Disclosure] Proof of concept for Windows Messenger Service overflow
- From: "Hanabishi Recca" <recca@mail.ru>
- Date: Sun, 19 Oct 2003 14:24:51 +0400
I put my hands on a Windows XP SP1 to test; max body length is 3880 instead of
3992. Anyway, setting this value lower will give you results too.
Regards,
Recca
-----Original Message-----
From: Paul Tinsley <pdt@jackhammer.org>
To: Hanabishi Recca <recca@mail.ru>
Date: Sat, 18 Oct 2003 19:53:30 -0500
Subject: Re: [Full-Disclosure] Proof of concept for Windows Messenger Service overflow
>
> I compiled the PoC DOS with one small change so that it would accept IP
> addresses from the command line instead of recompiling per test. I ran
> the dos several times per OS, here are the results I got (none of the
> test systems have the KB828035 hotfix applied.)
>
> Windows 2000 Advanced Server SP4:
> System Crash:
> http://www.jackhammer.org/exploits/ms03-043/ms03-043_2KASsp4_POC_DOS.jpg
>
> Windows XP Gold:
> No effect
>
> Windows XP SP1:
> No effect
>
> Windows 2003 Server Enterprise Edition (default config):
> No effect
>
> Windows 2003 Server Enterprise Edition (Messenger Service turned on):
> No effect
>
> Doesn't look like this one is the silver bullet to catch them all
> (*phew*) but it does bring us a bit closer to this hole turning ugly.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html