蔷薇acome:ms05051如何利用？

MS05051漏洞扫描器
?MS05-051 Scan v1.0

Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution
Copyright 2005?by Foundstone, Inc.
http://www.foundstone.com

MS05-051 Scan 1.0 is a Windows based detection and analysis utility that can
quickly and accurately identify Microsoft operating systems that are
vulnerable to the vulnerabilities released in the MS05-051 bulletin.

MS05-051 Scan is intended for use by enterprise system and network administrators
as a fast and reliable utility for identifying at risk Microsoft systems in a
passive manner. This tool is non-abrasive in nature and may be run in production
environments during production hours.

Limitations of the tool:
The scanner is limited to 10 outgoing connections on WIndows XP SP2. This scanning limitation is caused by SP2. All other platforms will have 64 concurrent scanning threads running.

If you have anti-virus running it *may* detect this tool as an exploit. This tool *does NOT* exploit the vulnerabilty it simply determines if the machine is vulnerable or not.

Vulnerability Information:
A remote code execution and local elevation of privilege vulnerability exists in the Microsoft Distributed Transaction Coordinator that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

Using a null session, an attacker could make an RPC request to the DTC interface on a Microsoft Windows system and potentially execute arbitrary code.

This Foundstone check detects the absence of the patch by attempting to trigger the vulnerability in a nonintrusive manner over RPC.

Affected systems:

Microsoft Windows 2000 (All Versions)

For more information see:

http://www.microsoft.com/technet/security/bulletin/MS05-051.mspx

==============================================================================

FOUNDSTONE, INC.

Terms of Use

1. Acceptance of Terms

1.1.
Read these Foundstone, Inc. ("Foundstone") Terms of Use ("Terms") carefully
before you ("You") accept these Terms by: (a) selecting the "Accept" button at
the end of the Terms, or (b) downloading any of the Foundstone tools ("Tools")
located on this web site. If You do not agree to all of these Terms, select
the "Decline" button at the end of the Terms, or do not download any of the
Tools.

1.2.
The Terms are entered into by and between Foundstone and You. Foundstone
provides the Tools to You strictly subject to the Terms.

2. Permitted Use

2.1.
The Tools are freeware that You may download them for Your personal,
non-commercial use only.

2.2.
You may not modify, reverse engineer, make derivative works of, distribute,
transmit or sell any of the Tools without the express written consent of
Foundstone.

2.3.
The Tools may not be used by You or any other party for any purpose that
violates any local, state, federal or foreign law. You understand that
breaking into any network or computer system not owned by You may be illegal.

3. No Express or Implied Warranty

3.1.
THE TOOLS ARE PROVIDED TO YOU "AS IS." FOUNDSTONE MAKES NO WARRANTIES OR
REPRESENTATIONS, EXPRESS OR IMPLIED, ABOUT THE EFFECTIVENESS, COMPLETENESS OR
FITNESS OF THE TOOLS, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

4. Limitation of Liability

4.1.
YOU AGREE THAT FOUNDSTONE WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES ARISING OUT OF YOUR USE OF, OR
INABILITY TO USE, THE TOOLS, INCLUDING WITHOUT LIMITATION ANY DAMAGE TO, OR
VIRUSES OR "TROJAN HORSES" THAT MAY INFECT OR INVADE, YOUR COMPUTER EQUIPMENT
OR OTHER PROPERTY, EVEN IF FOUNDSTONE IS EXPRESSLY ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.

4.2.
YOU AGREE TO HOLD FOUNDSTONE HARMLESS FROM, AND YOU COVENANT NOT TO SUE
FOUNDSTONE FOR, ANY CLAIMS BASED OR YOUR USE OF, OR YOUR INABILITY TO USE, THE
TOOLS.

5. Indemnification

5.1.
You agree to indemnify and hold Foundstone and its subsidiaries, affiliates,
officers, agents, and employees harmless from any claim or demand, including
attorney's fees, made by any third party due to or arising out of Your use of
the Tools, breach of the Terms, or violation of the rights of another.

6. Intellectual Property Rights

6.1.
The Tools and all names, marks, brands, logos, designs, trade dress and other
designations Foundstone uses in connection with the Tools are proprietary to
Foundstone and are protected by applicable intellectual property laws,
including, but not limited to copyrights and trademarks. Accordingly, You may
not modify, reverse engineer, make derivative works of, distribute, transmit
or sell any of the Tools, nor may You remove or alter any of Foundstone's
trademarks from the Tools or co-brand any of the Tools, without the express
written consent of Foundstone.

7. Miscellaneous

7.1.
California law and controlling United States federal law govern any action
related to the Terms. No choice of law rules of any jurisdiction apply. You
and Foundstone agree to submit to the personal and exclusive jurisdiction of
the California state court located in Santa Ana, California and the United
States District Court for the Central District of California.

7.2.
The Terms constitute the entire agreement between You and Foundstone and
govern Your use of the Tools, superseding any prior agreements between You and
Foundstone (including, but not limited to, prior versions of the Terms).

7.3.
Foundstone controls and operates this website from various locations in the
United States of America and makes no representation that these Tools are
appropriate or available for use in other locations. If you use this website
from locations outside the United States of America, You are responsible for
compliance with applicable local laws, including, but not limited to, the
export and import regulations of other countries.

7.4.
These Terms and this website could include inaccuracies or typographical
errors. Foundstone may make improvements and/or changes to the Terms or the
website at any time without notice.

7.5.
The failure of Foundstone to enforce or exercise any right or provision of the
Terms does not constitute a waiver of such right or provision.

7.6.
In the event any provision of this Agreement is held to be unenforceable in
any respect, such unenforceability shall not affect any other provision of
this Agreement, provided that the expected economic benefits of this Agreement
are not denied to either party.