Dailydave mailing list archives

Re: SPIKE actually scores.


From: pageexec () freemail hu
Date: Thu, 14 Jul 2005 23:04:45 +0100

On 14 Jul 2005 at 13:43, Dave Aitel wrote:
> pageexec () freemail hu wrote:
>> rdpwd.sys from XPSP2? ;-)
>
> Ah, that'd make sense. RDP would pass through the firewall since it
> would need to be used for the remote helper service.

i think this is the driver in question indeed. the bug is at
a 'mov cl,[eax+1]' where eax apparently pointed to an invalid
address. given that this is inside a 4kB long function (the
calltree is:
   ShareClass::CompressV2Int24
   ShareClass::CompressV2Int32
   ShareClass::BC_Compress
   ShareClass::BC_CompressBitmap
   ShareClass::SDGSendSDARectWorker
   ShareClass::SDGSendSDARect
   ShareClass::SDG_SendScreenDataArea
   ShareClass::UP_SendUpdates
   ShareClass::DCS_TimeToDoStuff
   _WD_Ioctl),
i can imagine there's more than a mere DoS in this. in any
case, next patch tuesday will probably come sooner than
they expected it ;-).

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave