[20497] in bugtraq


ISA Server update..

daemon@ATHENA.MIT.EDU (Barnaby Jack)
Sat Apr 28 13:04:00 2001

MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID:  <001301c0cf89$b1e3cf20$020aa8c0@ns1.beavuhlabz>
Date:         Sat, 28 Apr 2001 14:19:45 +1200
Reply-To: Barnaby Jack <dspyrit@SUBDIMENSION.COM>
From: Barnaby Jack <dspyrit@SUBDIMENSION.COM>
X-To:         win2ksecadvice@listserv.ntsecurity.net
To: BUGTRAQ@SECURITYFOCUS.COM

We've now had the opportunity to do some testing on different
hosts/configurations... the results differed from ours but yet still
provided exploitable conditions.

The breaks this time were during calls to RtlAllocateHeap and RtlFreeHeap -
with careful register manipulation it is STILL possible to execute custom
code.

More detailed info later.

-dark spyrit.
