MS Windows (SMB) Transaction Response Handling Exploit (MS05-011)

Exploit for unknown platform in category dos / poc ================================================================= MS Windows SMB Transaction Response Handling Exploit MS05-011 ================================================================= / Windows SMB Client Transaction Response Handling...

Microsoft Windows - 'SMB' Transaction Response Handling (MS05-011)

/ Windows SMB Client Transaction Response Handling MS05-011 CAN-2005-0045 This works against Win2k cybertronicatgmxdotnet http://www.livejournal.com/users/cybertronic/ usage: gcc -o mssmbpoc mssmbpoc.c ./mssmbpoc connect via \ip and hit the netbios folder! STOP: 0x00000050...

MS Windows (SMB) Transaction Response Handling Exploit (MS05-011)

漏洞描述：Windows SMB客户端在处理SMB响应时存在一个缓冲区溢出漏洞。恶意的SMB服务器可以利用这个漏洞在连接该服务器的SMB客户端主机上执行任意命令。MRXSMB.SYS驱动负责执行SMB客户端操作以及处理SMB服务器返回的响应。一些重要的Windows文件共享操作以及所有的RPC-over-named-pipes操作使用SMB命令Trans25h和Trans232h。一个恶意的SMB服务器通过发送特殊的Transaction响应数据可能导致一个缓冲区溢出漏洞。溢出可能发生在任何这个数据被处理的地方，例如MRXSMB.SYS或其他客户端代码中。例如，如果Trans2...

Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability

Windows NT 4.0 was found to be vulnerable to bugs resolved in the MS05-011 patch. Microsoft will not be releasing a public Windows NT 4.0 patch due to the products end of life. Microsoft has however created a private patch for customers whom have paid for extended Windows NT 4.0 support. For more...