[framework-hackers] MS06-040 windows 2003 sp1
Robert Juninho
robert.mailing at gmail.com
Thu Apr 3 09:22:52 CDT 2008
Hi,
Does anyone have an idea why MS06-040 doesn't work against SP1 while it does against SP0, even though both of them have b/o protection?
As I understand it, SP1 contains random cookies, but when I debug this I found the process stopped before the cookie check with this error msg:
Process terminated C0000409
It looks like, if the cookies are random, then instead of overwriting the static cookie value, we can write our own cookie value at the static address 0x71c8c1ec, and during the cookie inspection it won't fail. I found this works on SP0 but not SP1.
Any idea?