----- Original Message ----- From: <[EMAIL PROTECTED]>
> > Please Please help .... > > Calling all b-hats, please pass me your BID:4855 IIS5.0 W2k exploits. Heh, so that you can successfully charge your pen-test customers? :) Speaking seriously, I think there is none at the time - heap overflows are veeeeeeery difficult to exploit (compared to stack-related buffer overflows, where there is an almost standard procedure). If anybody *does* have an exploit code, they are probably folks from eEye and from NGS Software, who discovered the vulnerability recently. DoS thing would be much easier to accomplpish I guess - it's much easier to destroy heap structures blindly then trying to overwrite them on purpose... One theoretical way of exploiting might be through structured exceptions handling - http://online.securityfocus.com/archive/82/277162/2002-06-17/2002-06-23/2 Regards, Vitaly Osipov, CISSP etc :) > > Thank you kindly > > Mark > > > Quoting Erik Birkholz <[EMAIL PROTECTED]>: > > > There are HTR expolits. Eeye has been droppin them since blackhat 1999; at > > the venetion (alarms and all) > > > > Ahhh the good ole days > > > > If you mean the new sploit, please specify the BID so we know what you are > > talking about > > > > =-) > > > > > > Erik Pace Birkholz, CISSP > > Principal Consultant - FOUNDSTONE > > 323 252 5916 > > > > > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
