On Tue, 07 Oct 2003 11:02:13 EDT, [EMAIL PROTECTED] said:
> Hi,
>
> I'm rather new to this list, and I think I may have missed some of the
> background on this - could someone bring me up to speed as to what is
> happening here?
Allchin said under oath that Microsoft didn't want to release the A
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 07, 2003 6:28 PM
Subject: RE: [Full-Disclosure] Allchin bug p-o-c.
So how large of an impact are we looking at here for the average networked
environment? I don't see this servi
ECTED]
Subject: Re: [Full-Disclosure] Allchin bug p-o-c.
On Tue, 07 Oct 2003 11:02:13 EDT, [EMAIL PROTECTED] said:
> Hi,
>
> I'm rather new to this list, and I think I may have missed some of the
> background on this - could someone bring me up to speed as to what is
> happening
ginal Message-
From: Dave Korn [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 6:56 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Full-Disclosure] Allchin bug p-o-c.
Here's p-o-c code for the allchin vulnerability. It allows you to write a
(fairly) arbitrary DWORD
Here's p-o-c code for the allchin vulnerability. It allows you to write a
(fairly) arbitrary DWORD to a (also fairly) arbitrary address in the memory
space of mqsvc.exe on a remote w2k server. It should be straightforward
enough to turn that into any kind of remote shell sploit using the stan