This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft Message Queueing service. This exploit requires the target system to have been configured with a DNS name and for that name to be supplied in the 'DNAME' option. This name does not need to be served by a valid DNS server, only configured on the target machine.
97ddcdfcac6360a8a287bffee86987ac96fb0a78d175aaf132fd38c14d40c478Microsoft Windows 2000 AS SP4 Message Queue exploit that takes advantage of the vulnerability noted in MS07-065.
c98477bc57103e54dfdc98421ad052473c5dfb8a29b81a40cde4e96a8bd1735aA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled. Authentication is not required to exploit this vulnerability. The specific flaw exists in the RPC interface defined on port 2103 with UUID fdb3a030-065f-11d1-bb9b-00a024ea5525. During the processing of opnum 0x06 the service copies user-supplied information into a fixed length stack buffer. Sending at least 300 bytes will trigger a stack based buffer overflow due to a vulnerable wcscat() call. Exploitation of this issue can result in arbitrary code execution. Affected versions are Windows 2000 SP4 and Windows XP SP2.
7ad73b80c43474accf67595197f54a090063d04177565333581b8946b1c2a6f3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed