[20544] in bugtraq


Re: Windows 2000 .printer remote overflow proof of concept exploit

daemon@ATHENA.MIT.EDU (David Litchfield)
Thu May 3 17:06:19 2001

MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID:  <003101c0d30b$15b94be0$de9393c3@atstake.com>
Date:         Wed, 2 May 2001 09:23:31 -0400
Reply-To: David Litchfield <mnemonix@GLOBALNET.CO.UK>
From: David Litchfield <mnemonix@GLOBALNET.CO.UK>
X-To:         Matt Power <mhpower@BOS.BINDVIEW.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Matt Power <mhpower@BOS.BINDVIEW.COM>


> >        ... , will create a file called www.eEye.com.txt on the root of
> >drive c.
> >                 ... This proof of concept exploit is not to be used as a
> >method of testing to see if you're vulnerable or not.
>
> In some environments, security staff may be responsible for
> identifying which IIS 5.0 servers, out of a large collection of them,
> still do not have a fix in place for this vulnerability. The security
> staff may not have any convenient way to check for the existence of

Snip

My suggestion a while back, when the IIS htr overflow first arrived, was to
code up an exploit that downloads and installs the patch from a server
certified (by yourself) as safe. This way you kill two birds with one stone
;-)
Cheers,
David Litchfield
