[framework] IMail 2006 and 8.x RCPT TO Stack Overflow
Greg Linares
Glinares at PCOnsite.com
Fri Oct 20 11:14:09 CDT 2006
Thank you,
yeah milw0rm posted the exploit yesterday @
http://www.milw0rm.com/exploits/2601
i left a variable error on this line :
strcat(overflow, WinSKF);
should be
strcat(overflow, Win2KF);
silly me for depending on my compiler to catch everything :)
the MSF version should be much nicer to use :)
I was actually testing it on a bought version
let me see if i could dig up a trial version of it somewhere, the
company is only offering 2006.1 for free trial download which was
compiled with the /GS option i believe. And the one 8.x demo I found
included the HotFix with it (which results in a DoS of the service
instead of code execution)
And your opcode site is a very nice one, wish i would have gotten to use
it.
Theres always next exploit.
-----Original Message-----
From: Jerome Athias [mailto:jerome.athias at free.fr]
Sent: Friday, October 20, 2006 3:14 AM
To: Glinares at PCOnsite.com
Subject: Re: [framework] IMail 2006 and 8.x RCPT TO Stack Overflow
Hi Greg,
first, congratulations for your exploit code
Could it be possible to obtain a link to the vulnerable (trial) version
to add it here:
https://www.securinfos.info/old_softwares_vulnerable.php
Sure a msf module will be nice ;-)
Thanks
/JA
This could also interest you:
https://www.securinfos.info/international-opcodes/index.php
More information about the framework
mailing list