On Wed, 08 Aug 2001, Meritt James spewed into the ether:
> "running" or "installed"? It is my understanding that the vulnerability
> exists if the files and mapping are there no matter the process state of
> the IIS server. Is my understanding incorrect?

The machine is vulnerable, but not exploitable. Your understanding is not
wrong, but you are falling into the trap of automatically assuming anything
vulnerable to be exploitable. A service which is not running cannot be
exploited. If IIS is not running, then the GET request which causes the
buffer overflow will never be sent, since the connection initiation will
itself get a RST. The machine is exploitable iff IIS is available and
responding.

<snip>

Devdas Bhagat
--
"He did decide, though, that with more time and a great deal of mental
effort, he could probably turn the activity into an acceptable perversion."
-- Mick Farren, "When Gravity Fails"
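The vulnerable-versus-exploitable distinction drawn in the message above, as an added example for triaging your own hosts (not part of the original post). The names probe_tcp and triage are hypothetical, and the web service is assumed to listen on TCP port 80.

```python
import socket


def probe_tcp(host, port=80, timeout=2.0):
    """Attempt a TCP handshake and report how the host answered.

    'listening' : handshake completed, a service is accepting connections
    'refused'   : the SYN was answered with a RST, nothing is listening
    'no-answer' : timeout or unreachable (filtered, host down); inconclusive
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"
    except ConnectionRefusedError:
        # Must be caught before OSError, of which it is a subclass.
        return "refused"
    except OSError:
        # Covers socket.timeout and network-unreachable errors.
        return "no-answer"


def triage(vulnerable_files_present, probe_result):
    """Combine inventory data (files and mappings installed?) with the probe."""
    if not vulnerable_files_present:
        return "not vulnerable"
    if probe_result == "listening":
        return "vulnerable and exploitable: patch or stop the service"
    if probe_result == "refused":
        return "vulnerable, not currently exploitable: patch before the service starts"
    return "vulnerable, reachability unknown: verify service state on the host"


if __name__ == "__main__":
    # Constructed local demo: a bound but non-listening socket stands in for
    # "installed but not running"; calling listen() stands in for "running".
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    print(triage(True, probe_tcp("127.0.0.1", port)))
    s.listen(1)
    print(triage(True, probe_tcp("127.0.0.1", port)))
    s.close()
```

A "refused" result only describes the moment of the probe: the host becomes exploitable again as soon as the service is started, so the patch is still required.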
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 12:17:30 PDT