Re: [PEN-TEST] RDS exploit simulation

[Steve <steve () SECURESOLUTIONS ORG>]

Why not just head over to www.wiretrip.net/rfp and read the advisories on
it?  There should be two of them, the original and an updated one.
Rain.Forrest.Puppy does an excellent job of explaining the vulnerability and
his script.  Yes, version 2.0 is also vulnerable.  I have seen and tested
boxes that are at IE5.0 and SP6a that are still vulnerable.

Regards;


Steve Manzuik
Moderator - Win2K Security Advice

Security Analyst - Bindview RAZOR
http://razor.bindview.com

-------------------------------------------

> -----Original Message-----
> From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
> Of Oliver Petruzel
> Sent: Monday, September 18, 2000 12:01 PM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] RDS exploit simulation
>
>
> > > This is because you are using patched versions being >>distributed on
> newer
> > > versions of the Option Pack and MCIS CD's.
>
> I actually have stayed away from ALL "option packs" on purpose for that
> reason.  I have been using the NT 4.0 IIS base install and then up to
> and including Service Pack 4.  Which is mdac 2.0.
>
> It was my understanding that 2.0 was still vuln.  or is it not?
> right now, I'm unable to find an old enough option pack.  The ones I
> have install mdac 2.1.
>
> Perhaps someone can better explain this vuln to me (and everyone else)
> since it is so common in the wild.  Thanks.
>
> ./oliver
>
>
> -----------------------------------------------
> FREE! The World's Best Email Address @email.com
> Reserve your name now at http://www.email.com