• info
• discussion
• exploit
• solution
• references

Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability

A working remote commercial exploit is available for Immunity CANVAS. This exploit is not otherwise publicly available or known to be circulating in the wild:

https://www.immunityinc.com/downloads/immpartners/smb2_negotiate_remote.tgz

The following exploits and proofs of concept are available:

• /data/vulnerabilities/exploits/36299.py
• /data/vulnerabilities/exploits/36299-2.rb
• /data/vulnerabilities/exploits/36299-3.c
• /data/vulnerabilities/exploits/36299-4.c
• /data/vulnerabilities/exploits/36299-5.c
• /data/vulnerabilities/exploits/36299-smb2_negotiate.sh
• /data/vulnerabilities/exploits/36299-teardrop_tng.rb
• /data/vulnerabilities/exploits/36299.jar
• /data/vulnerabilities/exploits/36299.exp
• /data/vulnerabilities/exploits/36299-11.pl
• /data/vulnerabilities/exploits/36299_metasploit.rb
• /data/vulnerabilities/exploits/36299_metasploit-2.rb
• /data/vulnerabilities/exploits/smb2_exploit_release.zip
• /data/vulnerabilities/exploits/36299.pl