Re: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow

From: Maximiliano Caceres (core.lists.exploit-dev@core-sdi.com)
Date: Thu Apr 11 2002 - 12:38:40 PDT

Next message: Tim Morgan: "Re: Smashing Windows"

Previous message: The Blueberry: "Re: Smashing Windows"
In reply to: Marc Maiffret: "Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Next in thread: Ryan Permeh: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Reply: Ryan Permeh: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Marc Maiffret wrote:
 > Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
 >
 >
 > Severity:
 > High (Remote code execution)
 > IWAM_MACHINE Privilege Level
 >

I'm missing sthg here. In all MS02-018 code-execution vulnerabilities,
IWAM_MACHINE privilege for the code is presented as a mitigation factor.

Isn't it always possible to get SYSTEM from IUSR_STHG via the
RevertToSelf() call? Is there a way of protecting against this?.

max/
-- 
Maximiliano Caceres
Product Engineer
CORE SECURITY TECHNOLOGIES

Florida 141 - 2º cuerpo - 7º piso
C1005AAC Buenos Aires - Argentina
Tel/Fax: (54 11) 4878-CORE (2673)
http://www.corest.com

--- for a personal reply use: Maximiliano Caceres <maximiliano.caceresat_private>

Next message: Tim Morgan: "Re: Smashing Windows"
Previous message: The Blueberry: "Re: Smashing Windows"
In reply to: Marc Maiffret: "Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Next in thread: Ryan Permeh: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Reply: Ryan Permeh: "RE: Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 11 2002 - 15:12:27 PDT