[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)

To: varcher@xxxxxxxxxxx
Subject: Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
From: Steve Hulshof <cereal@xxxxxxxxx>
Date: Thu, 4 Nov 2004 11:36:06 -0500

> The "exploit" is supposed to try to open a cmd tool on 31337 (eleet) on
> a target Windows. It fails; the window system is secure... but meanwhile,
> there's a perl IRC bot running in the background of *your* system.

From what I saw of the code yesterday a connection to the windows box
was not even attempted, i did not see a connect() or
send/sendto/sendmsg() in the code anywhere. I could be wrong, i only
looked at a glance though.


> It's not a remote exploit, it's a trojan targeting the readers of this
> list.

Agreed


Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: Rich Parsons
- RE: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: raza
- Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: DanB UK
- Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: Ferdinand Klinzer
- Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
  - From: Vincent Archer

Prev by Date: [Full-Disclosure] The Bat! libpng bo?
Next by Date: Re: [Full-Disclosure] New Remote Windows Exploit (MS04-029)
Previous by thread: Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
Next by thread: Re: [Full-Disclosure] New REmote Windows Exploit (MS04-029)
Index(es):
- Date
- Thread