Full Disclosure mailing list archives

Re: [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability

From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Tue, 13 Dec 2005 20:00:57 -0000

Joshua Russel wrote in 
news:7a282fc30512131028g40d65517k2254283bfecec6db () mail gmail com

It is a local vulnerability, then how does Retina claims to scan it
remotely?


  Well, at a guess....

On 12/13/05, Advisories <Advisories () eeye com> wrote:

Systems Affected:
Windows NT 4.0
Windows 2000

Beginning with Windows XP, KeFlushQueueApc contains a code fix that
resolves this vulnerability.


... it just looks to see if the O/S is XP/2K3 or NT/2K.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability Advisories (Dec 13)
- Re: [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability Joshua Russel (Dec 13)
  - Re: [EEYEB-20050523] Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability Ron (Dec 13)
  - Re: [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability Dave Korn (Dec 13)
    - Re: Re: [EEYEB-20050523] Windows Kernel APC Data-FreeLocal Privilege Escalation Vulnerability Tom Ferris (Dec 13)