tribalgoa
1. Windows Messenger Service (not MSN) buffer overflow could lead to code execution!

http://xforce.iss.net/xforce/alerts/id/156

2. Exchange 2000 SMTP service buffer overflow could lead to code execution!

http://www.secunia.com/advisories/10015/

3. Windows May Allow Installation of Arbitrary ActiveX

http://www.secunia.com/advisories/10010/

4. Windows 2000 Buffer Overflow in Windows Troubleshooter ActiveX Control

http://www.secunia.com/advisories/10011/

--------------------------------------------------------------------------------------------

These vulns are all extremely critical!!! We'll probably see a worm pretty soon for the first one...

I can't believe that hole in the Windows Messenger Service wasn't found any sooner... how simple can it get??? Maximum MESSAGE LENGTH is not checked??? C'mon... I can imagine the coders overlooked something here and there, but not checking the MAIN input variable of your application is just plain dumb. (And weird it wasn't found sooner!?!?!)

If anybody sees rogue code for any of these, I would like to know so I can force my manager to approve the bloody patches.
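An added illustration of the bug class tribalgoa describes above: a message length read from the datagram is used as the copy size without ever being compared to the receive buffer. This is constructed example code, not Microsoft's Messenger Service code and not its wire format; the 2-byte length framing, the 64-byte buffer, the sample datagrams and all function names are assumptions. The hardened handler beside the vulnerable one shows the two checks that are missing: declared length against bytes actually received, and against buffer capacity.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF_SIZE 64  /* assumption: a fixed-size receive buffer */

/* Constructed framing for the example (not the real wire format):
 * a 2-byte little-endian body length followed by the body. */
typedef struct {
    const uint8_t *data;
    size_t len;
} packet_t;

enum {
    MSG_ERR_SHORT = -1,     /* datagram too short to carry a header */
    MSG_ERR_TOO_LONG = -2,  /* declared length does not fit the buffer */
    MSG_ERR_TRUNCATED = -3  /* declared length exceeds bytes received */
};

static int read_declared_len(const packet_t *p, size_t *declared)
{
    if (p->len < 2)
        return MSG_ERR_SHORT;
    *declared = (size_t)p->data[0] | ((size_t)p->data[1] << 8);
    return 0;
}

/* Vulnerable pattern: the attacker-controlled length drives memcpy and
 * the buffer capacity is never compared against it. Returns bytes copied. */
static int handle_message_unchecked(const packet_t *p, char *out, size_t out_cap)
{
    size_t declared;
    int rc = read_declared_len(p, &declared);
    if (rc != 0)
        return rc;
    (void)out_cap;                     /* the missing check */
    memcpy(out, p->data + 2, declared);
    out[declared] = '\0';
    return (int)declared;
}

/* Hardened form: validate the length against what was received and what
 * the buffer can hold, before any byte is copied. */
static int handle_message_checked(const packet_t *p, char *out, size_t out_cap)
{
    size_t declared;
    int rc = read_declared_len(p, &declared);
    if (rc != 0)
        return rc;
    if (declared > p->len - 2)         /* body shorter than claimed */
        return MSG_ERR_TRUNCATED;
    if (declared >= out_cap)           /* keep room for the terminator */
        return MSG_ERR_TOO_LONG;
    memcpy(out, p->data + 2, declared);
    out[declared] = '\0';
    return (int)declared;
}

/* Bytes the unchecked handler would write past a buffer of out_cap bytes
 * (0 if the message fits), computed without performing the overflow. */
static long unchecked_overrun(packet_t p, size_t out_cap)
{
    size_t declared;
    if (read_declared_len(&p, &declared) != 0)
        return 0;
    long over = (long)(declared + 1) - (long)out_cap;
    return over > 0 ? over : 0;
}

/* Constructed sample datagrams. */
static const uint8_t BENIGN[] = { 5, 0, 'h', 'e', 'l', 'l', 'o' };    /* honest 5-byte body */
static const uint8_t LYING[]  = { 200, 0, 'h', 'e', 'l', 'l', 'o' };  /* claims 200, carries 5 */
static uint8_t oversized[2 + 200];                                    /* honest 200-byte body */

static packet_t benign_packet(void) { packet_t p = { BENIGN, sizeof BENIGN }; return p; }
static packet_t lying_packet(void)  { packet_t p = { LYING, sizeof LYING }; return p; }
static packet_t short_packet(void)  { packet_t p = { BENIGN, 1 }; return p; }
static packet_t oversized_packet(void)
{
    oversized[0] = 200; oversized[1] = 0;
    memset(oversized + 2, 'A', 200);
    packet_t p = { oversized, sizeof oversized };
    return p;
}

/* Wrappers that run one handler against a fresh MSG_BUF_SIZE buffer. */
static int checked_result(packet_t p)   { char buf[MSG_BUF_SIZE]; return handle_message_checked(&p, buf, sizeof buf); }
static int unchecked_result(packet_t p) { char buf[MSG_BUF_SIZE]; return handle_message_unchecked(&p, buf, sizeof buf); }

int main(void)
{
    printf("benign:    unchecked=%d checked=%d\n", unchecked_result(benign_packet()), checked_result(benign_packet()));
    printf("oversized: checked=%d, unchecked would overrun by %ld bytes\n",
           checked_result(oversized_packet()), unchecked_overrun(oversized_packet(), MSG_BUF_SIZE));
    printf("lying:     checked=%d\n", checked_result(lying_packet()));
    /* The unchecked handler is deliberately never run on the oversized or
     * lying packets: it would smash the stack / read past the datagram. */
    return 0;
}
```

The oversized packet is perfectly well-formed; the receiver's buffer is simply too small for it, which is why the fix has to live in the receiver rather than in any sender-side convention. The lying packet is the over-read case: a declared length larger than the datagram makes the unchecked copy read past the received bytes.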
ducky
Eh, thanks for the info, mate...

I think a normal firewall could protect you very well against those, though...
or maybe I'm wrong.
hermel
Thanks for the info
boshcash
The most effective is the Windows Messenger Service, since it can be done easily on all WinNT systems, so patch and just wait for an exploit and test it on other people.
Yorn
You forgot the biggest one:

WinXP SP1 vulnerability to RPC buffer overflow (2).

From bugtraq:
**************************************************************
As confirmed by 3APA3A and security labs, it seems that the public exploit *works*
even if the patch MS03-039 is *installed*.

This is a highly critical vulnerability - users MUST block vulnerable ports !

Regards.

K-OTik Staff /\\/ http://wwww.k-otik.com
**************************************************************

So yeah, the universal exploit for all Windows versions of RPC (2) works even with a patched version of XP.
thatsmej
Aaaaaah, those were meant here.

*thatsmej slaps himself*
boshcash
I am talking about those 4 vulnerabilities; RPC2 is of course one of the 0days, and the patch doesn't do the job, and vulns are accumulating day by day...
0xc0000005
Just check neworder for new bugs/exploits/overflows etc.

www.neworder.box.sk
hermel
Nice site, 0xc0000005
SoleKiller
Well, either they're real dumbasses or they wanted that hole to stay open so it'll distract you from other holes they didn't figure out how to close =D
d.K
A scanner was released for the first one

http://www.security.nnov.ru/search/exploits.asp

QUOTE

--- Copyright 2003 Internet Security Systems ---
Usage:
scanmsgr target=<range>
Scans systems on 135/udp testing for which are vulnerable to MS03-043
More help at: http://www.iss.net/support/product_utilities/ms03-043
Example: scanmsgr target=192.168.1.1-192.168.1.255

ComSec
QUOTE (d.K @ Oct 17 2003, 03:14 PM)
A scanner was released for the first one

http://www.security.nnov.ru/search/exploits.asp

QUOTE

--- Copyright 2003 Internet Security Systems ---
Usage:
scanmsgr target=<range>
Scans systems on 135/udp testing for which are vulnerable to MS03-043
More help at: http://www.iss.net/support/product_utilities/ms03-043
Example: scanmsgr target=192.168.1.1-192.168.1.255


It's in the file downloads section
tte
Don't use it! It gives the vulnerable host a message to fix the problem... doesn't help much if he then fixes it, right?
ComSec
What, as in pop-up warnings... not tried it?

If so, hmmm... I'd be reluctant to use it... could do you more harm!
0xc0000005
Just check the source code; if it's a fake and secures all the buggy servers, it'll never work.
Gurou
Microsoft Windows Messenger Service Exploit (MS03-043)

http://www.k-otik.com/exploits/10.18.MS03-043.c.php

GaLiaRePt
Follow the discussion about this PoC code at: http://forums.governmentsecurity.org/index...?showtopic=3519