Vulnerability Development mailing list archives

Re: CR II - winME? confirmation? (Slightly OT)


From: Devdas Bhagat <devdas () worldgatein net>
Date: Wed, 8 Aug 2001 23:10:40 +0530

On Wed, 08 Aug 2001, Meritt James spewed into the ether:
> "running" or "installed"?  It is my understanding that the vulnerability
> exists if the files and mapping are there no matter the process state of
> the IIS server.  Is my understanding incorrect?
The machine is vulnerable, but not exploitable. Your understanding is
not wrong, but you are falling into the trap of automatically assuming
anything vulnerable to be exploitable. A service which is not running
cannot be exploited.

If IIS is not running, then the GET request which causes the buffer
overflow will never be sent, since the connection initiation will
itself get a RST. The machine is exploitable iff IIS is available and
responding.
<snip>

Devdas Bhagat
--
"He did decide, though, that with more time and a great deal of mental
effort, he could probably turn the activity into an acceptable perversion."
                -- Mick Farren, "When Gravity Fails"
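The distinction drawn in the message above (a host can have the vulnerable files installed yet not be exploitable because nothing is listening, so the connection attempt itself is answered with a RST) is something a defender can verify from the network side without sending any application payload. The following is an added example, not code from the original post or from any referenced tool: it completes only the TCP handshake and classifies the result as listening, refused (SYN answered with RST) or filtered/unreachable (no answer within the timeout). The `demo()` function opens and closes a throwaway listener on loopback so the block runs offline; the port number is chosen at run time and is not a real-world value.

```python
import socket
from typing import Tuple


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt only the TCP three-way handshake; never send application data.

    Returns:
      "open"      - handshake completed, so a service is listening and a
                    request could actually reach it.
      "refused"   - the kernel answered our SYN with a RST; nothing is
                    listening on that port, so no request is ever processed.
      "filtered"  - no answer within the timeout (dropped by a filter) or the
                    host/network is unreachable.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # A refused connect is the RST the message above describes.
        return "refused"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        sock.close()


def classify_exposure(installed: bool, probe_result: str) -> str:
    """Combine host-side knowledge (files present) with the network probe.

    'installed' is whatever the inventory says about the vulnerable component;
    the probe result says whether the service can currently be reached.
    """
    if not installed:
        return "not vulnerable"
    if probe_result == "open":
        return "vulnerable and exploitable"
    return "vulnerable but not exploitable (service not reachable)"


def _loopback_listener() -> Tuple[socket.socket, int]:
    """Bind a temporary listener on an ephemeral loopback port (constructed
    fixture for the demo; not a real service)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def demo() -> Tuple[str, str]:
    """Probe the same loopback port once while listening and once after the
    listener is closed, returning both classifications."""
    srv, port = _loopback_listener()
    try:
        while_up = classify_exposure(True, probe_tcp("127.0.0.1", port))
    finally:
        srv.close()
    after_down = classify_exposure(True, probe_tcp("127.0.0.1", port))
    return while_up, after_down


if __name__ == "__main__":
    up, down = demo()
    print("listener running :", up)
    print("listener stopped :", down)
```

The probe deliberately stops at the handshake: establishing whether a port answers is enough to settle the "installed versus running" question, and it is the same observation an inventory or monitoring job would make before deciding how urgently a host needs patching.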

