History: Jun 10, 2009 - 6:00 p.m.

Immunity Canvas: MS09_022

2009-06-10 18:00:00
Immunity Canvas
exploitlist.immunityinc.com
17

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.736 High (Percentile: 97.8%)

Name ms09_022
CVE CVE-2009-0228 Exploit Pack
VENDOR: Microsoft
MSADV: MS09-022
Repeatability: One shot
Note: A string is non-zero terminated after a wcsncpy(), ending up in a miscalculation before a wcsncat(). This is kind of like an uninitialized variable issue, and thus reliable code execution depends on the content of the stack. This version of the exploit triggers the bug, but will not be extremely reliable. This exploit requires “root” privileges since it starts a fake SMB server on TCP port 445. There is a 4-byte difference in the stack layout if MS08-062 is not installed, making the exploit fail.
References: http://www.microsoft.com/technet/security/bulletin/ms09-022.mspx
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0228
Date public: 06/09/09
CVSS: 10.0