[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] NT4 worm

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] NT4 worm
From: H D Moore <fdlist@xxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Aug 2006 14:29:57 -0500

The exploit for NT 4.0 is *exactly* the same packet as the one you would 
also use on Windows 2000. I am suprised that this is considered a "NT 4" 
worm and not a "Windows 2000 (+NT 4.0)" worm. Is something specific about 
the exploit they use that prevents it from working on Windows 2000?

-HD

On Wednesday 30 August 2006 10:11, Juha-Matti Laurio wrote:
> Are the machines you have experience especially NT4.0 machines?
> It appears that one of the PoC's (public on Monday 28th Aug) lists the
> following information: "Systems Affected:
> *  Microsoft Windows 2000 SP0-SP4
> *  Microsoft Windows XP SP0-SP1
> *  Microsoft Windows NT 4.0"
>
> but reportedly it is tested against XPSP1 and W2KSP4 systems.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] NT4 worm
  - From: Juha-Matti Laurio

Prev by Date: Re: [Full-disclosure] The current state of play
Next by Date: [Full-disclosure] php poc exploit for osCommerce <= 2.2 Milestone 2 060817 vuln found by gulftech
Previous by thread: RE: [Full-disclosure] NT4 worm
Next by thread: Re: [Full-disclosure] NT4 worm
Index(es):
- Date
- Thread