[20628] in bugtraq
Re: Windows 2000 .printer remote overflow proof of concept
daemon@ATHENA.MIT.EDU (Joshua Dodds)
Tue May 15 10:22:16 2001
Message-Id: <5.0.0.25.2.20010511105942.00ae9918@s01.bevelander.nl>
Date: Fri, 11 May 2001 11:04:31 +0200
To: BUGTRAQ@securityfocus.com
From: Joshua Dodds <jdodds@bevelander.nl>
In-Reply-To: <003f01c0d75f$719c2f60$0b64a8c0@private.kleinart.net>
>
>It's out there. I've seen logs indicating the attacker put a "root.exe" file
>on the IIS5 host and then was able to issue a command to run this file via
>the overflow. I don't have any more specific information on the contents of
>the root.exe file or the exact script used, etc. at this time.
root.exe is just cmd.exe copied to root.exe! doh!
-jd