hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > General Network Security
shadowdancer123
Feb 17 2004, 07:03 AM
hi all ,
can anyone tell me what exactly is Exchange XEXCH50 Buffer Overflow ???
Is there POC code to demonstrate the same ?

Regards
Shadow
muts
Feb 17 2004, 09:05 AM
It's a heap overflow, wich makes it much harder to write a working exploit, due to the dynamic stack.

There's a POC (just to check for the vulnerability) at:

http://metasploit.com/tools/ms03-046.pl

H.D Moore is also supposed to release Framework 2.0 in the next few days, and hopefully, this framework will include a working version of the exchange exploit, as is suggested here:

http://metasploit.com/tools/msfweb.jpg

Check the metasploit projects in the next few days...(metasploit.com).

Core Impact also has a working version of this exploit.
ch0pper
Feb 17 2004, 11:13 AM
yes core impact version 3.3 has it and it works very nice biggrin.gif
R0x0r
Feb 17 2004, 11:33 AM
Please share it ch0pper.. That would be nice smile.gif
muts
Feb 17 2004, 03:40 PM
And *highly* illegal....Also, Core Impact has your license pre-compiled into the application...
Skydriver
Feb 18 2004, 08:20 AM
ch0pper did u try it on core impact and is it work
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.