Comment Re:Exploit? (Score 2) 233
Oh, this is fully exploitable.
Perhaps the people who released the advisory wanted to wait for a patch from MS before releasing their exploit...
It's going to be a very scary couple of days. I would suggest that any IIS admins fix things right away...
This kind of hole could be used very easily to run an "egg" that would open a remote command shell, or install NetBus or Back Orifice 2000
http://www.bo2k.com
Watch that space, and remember DefCon is July 9-11 in Las Vegas.
Perhaps the people who released the advisory wanted to wait for a patch from MS before releasing their exploit...
It's going to be a very scary couple of days. I would suggest that any IIS admins fix things right away...
This kind of hole could be used very easily to run an "egg" that would open a remote command shell, or install NetBus or Back Orifice 2000
http://www.bo2k.com
Watch that space, and remember DefCon is July 9-11 in Las Vegas.
