Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 04:41:31 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1412473084&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F1003-exploits%2Fpwn-isapi.cpp.txt%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1412473084.1338180091.1338180091.1338180091.1%3B%2B__utmz%3D32867617.1338180091.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/86964/pwn-isapi.cpp.txt http://packetstormsecurity.org/files/86964/pwn-isapi.cpp.txt http://packetstormsecurity.org/files/86964/Apache-2.2.14-mod_isapi-Remote-SYSTEM-Exploit.html Sat, 06 Mar 2010 16:10:33 GMT Apache version 2.2.14 mod_isapi remote SYSTEM exploit. Due to the nature of the vulnerability, and exploitation method, DEP should be limited to essential Windows programs and services. At worst, if DEP is enabled for the Apache process, you could cause a constant DoS by looping this (since apache will automatically restart).