The paper linked below provides an extensive analysis of the Microsoft PCT Vulnerability patched in MS04-011. David Schulhoff's paper focuses on THC's exploit, and provides an excellent tutorial on exploits in general, with thorough examples.
Abstract:
On the second Tuesday, what many now refer to as patch Tuesday, of April, 2004, Microsoft released four security bulletins. Among these was Microsoft Security Bulletin MS04-011, which detailed fourteen separate vulnerabilities, six of them rated critical for one or more Windows operating systems. In the list of the vulnerability identifiers in the Technical Details section of the bulletin is the PCT Vulnerability, which is also referenced as CAN-2003-0719 on the Common Vulnerabilities and Exposures website. PCT is referred to variously within Security Bulletin MS04-011 as the Private Communications Transport or Private Communication Technology protocol. For the purposes of this paper David Schulhoff selected this vulnerability and a corresponding exploit to examine in detail. We will take a look at both what makes this vulnerability a classic opportunity for exploitation and how its unique characteristics provide an insight into some basic security principles. David Schulhoff takes the approach of an individual seeking to take advantage of this opportunity, and then looks at two different scenarios of organizations dealing with an incident caused by an attack on the PCT vulnerability.