Friday, October 24, 2008

MS08-067 Exploit Out in the wild

Here is some information on working MS08-067 exploits:
=============================================


TrojanSpy:Win32/Gimmiv.A.dll
Also Known As:
DLOADER.PWS.Trojan (Dr.Web)
Summary
TrojanSpy:Win32/Gimmiv.A.dll is a trojan that gathers system information from the host computer on which it is installed. The trojan runs as a service for a short time and may delete itself after performing its data gathering routine.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
=============================================

TrojanSpy:Win32/Gimmiv.A
Also Known As:
DLOADER.PWS.Trojan (Dr.Web)
Summary
TrojanSpy:Win32/Gimmiv.A is a trojan that gathers system information from the host computer on which it is installed. The trojan may delete itself after performing its data gathering routine.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
=============================================

milw0rm Exploit:

http://www.milw0rm.com/exploits/6824
http://milw0rm.com/sploits/2008-ms08-067.zip
=============================================

And here's Alex Sotirov's decompilation of the vulnerable function addressed by MS08-067:

http://www.phreedom.org/blog/2008/decompiling-ms08-067/
