[maxxis]

http://www.microsoft...in/MS04-003.asp

hmm new vuln ? :>

[predx]

sweet too bad i dont know C

[gsicht]

what is mdac?

[cyrixx]

hhhm, having an mdac-scanner, but the exploit is missing :P

[QuadMedic]

:D looks good..........just need the c code

[brOmstar]

Mitigating factors:

* For an attack to be successful an attacker would have to simulate a SQL server that is on the same IP subnet as the target system.
* When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. A target system must initiate such a broadcast request to be vulnerable to an attack. An attacker would have no way of launching this first step but would have to wait for anyone to enumerate computers that are running SQL Server on the same subnet. Also, a system is not vulnerable by having these SQL management tools installed.
* Code executed on the client system would only run under the privileges of the client program that made the broadcast request.

[boshcash]

i dont think default computers are vulnerable , maybe it helps with the webservers .. and i hope that a real exploit is released ..

[Yellow_Blue]

tnx dude

[Burner]

well got the one for NT4 but not have seen it for NT5

so hope someone got it

greetz

[thatsmej]

gsicht, on Jan 14 2004, 04:36 PM, said:

what is mdac?

read you bitch

Quote

Microsoft Data Access Components

[gsicht]

Quote

read you bitch

:P

[winsoc]

gsicht , you can find all the info you need here: http://msdn.microsof...tentid=28001860

By the way, in my old job there was shitloads problems with mdac if you scroll down to the bottom of that link you will see how often a new version of mdac comes out, shit theres even SP's for MDAC.
There's obviously problems with this Component, which opens loads of doors for vulnerabilities and exploitation.
If anyone here wants to take a closer look at this with me and work together then jus let me know.