[framework] ms06-040 ETA?
H D Moore
hdm at metasploit.com
Wed Aug 9 20:44:14 CDT 2006
This is a plain old stack overflow actually, the tricky part is that
exploiting XP and 2003 requires you bypass /GS protection. What bothers
me the most about this bug is that I had a PoC for it six months ago, but
overlooked an NDR encoding issue and couldn't reproduce it...
-HD
On Wednesday 09 August 2006 20:27, Rhys Kidd wrote:
> Give HD and the other devs the time they need to get it working
> reliably :)
>
> Although I haven't played with this bug, I'd assume the exploit will be
> a bit different to the usual win32 ones, as it almost certainly
> overflows in kernel space, and will require a new payload once EIP is
> controlled.
>
> Although there have been a few papers on kernel shellcode, notably from
> eEye's Barnaby Jack, there hasn't been much further public
> demonstration of kernel space exploitation techniques.
>
> Should be interesting!