Microsoft Windows Workstation Service Remote Buffer Overflow Vulnerability

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Various exploits have been published, some of which are designed to target systems using NTFS filesystems and other which only affect those using FAT. The primary difference is that the exploits designed for NTFS use an undocumented Windows XP API call to log to the debug directory, which would not normally be writeable by all users.

The following exploits are designed to affect systems using FAT filesystems only:
MS03-049ex.c
o_wks.c
11.14.MS03-049-II.c

The following exploits are designed to affect systems using NTFS and FAT:
12.04.rpc_wks_bo.c
0349.cpp

An exploit that is reported to be universal for all versions of Windows XP and will work on both NTFS and FAT file systems is available (WorkstationExploit.c):


 

Privacy Statement
Copyright 2010, SecurityFocus