Microsoft Windows Server Service Remote Buffer Overflow Vulnerability

Proof-of-concept exploits are available to members of the Immunity Partners program:

https://www.immunityinc.com/downloads/immpartners/ms06_040.tgz
https://www.immunityinc.com/downloads/immpartners/ms06_040.tar.gz

Another exploit for Immunity Partners is available:

https://www.immunityinc.com/downloads/immpartners/ms06_040-1.tar

This exploit reportedly works reliably against Windows 2003 with no service packs.

A Metasploit exploit module is available. It reportedly works against Windows NT 4.0, Windows 2000, Windows 2000 SP1 - SP4, Windows XP, and Windows XP SP1. It may result in a denial-of-service condition for Windows XP SP2 and Windows 2003 SP1.

A version of the Metasploit module has been ported to C and is available.

An additional exploit by ub3r st4r is available.


 

Privacy Statement
Copyright 2010, SecurityFocus