RE: MsmSetup.exe

From: Cony Zhou 周圣 (Cony.Zhou@Cpic-Ing.Com.Cn)
Date: Thu Sep 15 2005 - 01:41:12 EDT


 http://marc.theaimsgroup.com/?l=bugtraq&m=106441930021940&w=2

Something about it, maybe helpful.

-------------------------------------------------
Cony.Zhou
MCSE,MVP,CIW Security Analyst

-----Original Message-----
From: pinoch0@gmail.com [mailto:pinoch0@gmail.com]
Sent: Thursday, September 15, 2005 3:22 AM
To: pen-test@securityfocus.com
Subject: MsmSetup.exe

Hi i'm doing a pen test and i've found a apparently vulnerable server with
this vulnerability:
http://www.securitytracker.com/alerts/2003/Sep/1007796.html

The details about exploiting this bug aren't published and i don't have too
much time to find it.
Could someons help me ? maybe someone have exploit this bug ...

Thanks

----------------------------------------------------------------------------

--
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities to SQL injection, Cross site scripting and other web attacks
before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
---------------------------------------------------- 
注意: 
本电子邮件所载的,是向收件人所发出的私人的、保密的讯息。如 
您误收本邮件,请注意任何对该邮件的披露,复制、传播或使用的 
行为均被严格禁止。就误收邮件的情况,请您以回复方式通知发件 
人,并删除该邮件,不得打开或复制。  
所有讯息和附件都已进行病毒检测。如本讯息附有密码保护的附件, 
则太平洋安泰的邮件系统并没有对其进行病毒检测。
-------------------------------------------------------------------------
The information in this Internet email is confidential and may be legally 
privileged. It is intended solely for the addressee. Access to this Internet
email by anyone else is unauthorised. 
If you are not the intended recipient, any disclosure, copying,distribution 
or any action taken or omitted to be taken in reliance on it, is prohibited 
and may be unlawful. When addressed to our clients any opinions or advice 
contained in this Internet email are subject to the terms and conditions 
expressed in any applicable governing Pacific-Antai's terms of business or
client 
engagement letter. 
Visit us at www.Cpic-Ing.Com.Cn 
--------------------------------------------------------------------------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:54 EDT