58 matches found
Design/Logic Flaw
The IOCTL 9031 BIOCGSTATS handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet Irp parameters...
Immunity Canvas: WINPCAP
Name| winpcap ---|--- CVE| CVE-2007-3681 Exploit Pack| CANVAS Description| winpcap Notes| CVE Name: CVE-2007-3681 VENDOR: WinPcap.org URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550 Notes: This exploit will auto-target based on reading a kernel file on Windows 2000 o...
CVE-2007-3681
The IOCTL 9031 BIOCGSTATS handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet Irp parameters...
CVE-2007-3681
The CVE-2007-3681 issue affects WinPcap’s NPF.SYS kernel driver (before 4.0.1). The IOCTL 9031 handler BIOCGSTATS allows local users to overwrite memory via malformed Irp parameters, enabling arbitrary code execution in kernel context. Impact is local privilege escalation. Remediation is to upgra...
CVE-2007-3681
The IOCTL 9031 BIOCGSTATS handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet Irp parameters...
WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit
No description provided by source. / WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 4.0 and previous WinPcap fixed version stable : WinPcap 4.0.1 ...
WinPcap NPF.SYS驱动BIOCGSTATS参数本地权限提升漏洞
BUGTRAQ ID: 24829 WinPcap是WIN32平台上的网络分析和捕获数据包的链接库。 WinPcap的NPF.SYS驱动实现上存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。 NPF.SYS驱动没有对传送给IOCTL 9031(BIOCGSTATS)的中断请求报文(IRP)参数执行充分的验证,如果向这个IOCTL发送了恶意参数,就可能导致覆盖任意内核内存。在默认安装中,只有在管理员使用了依赖于WinPcap的应用程序并初始化WinPcap时才会加载有漏洞的驱动。一旦加载,普通用户也可访问有漏洞的驱动,且在程序退出时也不会卸载驱动,除非手动卸载,否则攻击者仍可访问。...
WinPcap NPF.SYS Privilege Elevation Vulnerability
WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 3.1 - WinPcap 4.1 Operating systems affected Confirmed - Windows 2000 SP4 Both server and workstation -...
iDefense Security Advisory 07.09.07: WinPcap NPF.SYS Local Privilege Escalation Vulnerability
WinPcap NPF.SYS Local Privilege Escalation Vulnerability iDefense Security Advisory 07.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 09, 2007 I. BACKGROUND WinPcap is a software package that facilitates real-time link-level network access for Windows-based operating systems. It...
WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit
Exploit for unknown platform in category local exploits ================================================================= WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit ================================================================= / WinPcap NPF.SYS Privilege Elevation...
WinPcap 4.0 - 'NPF.SYS' Local Privilege Escalation
/ WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 4.0 and previous WinPcap fixed version stable : WinPcap 4.0.1 Note : There was an error in the previous...
WinPcap 4.0 - NPF.SYS Local Privilege Escalation
WinPcap 4.0 - NPF.SYS Local Privilege Escalation / WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit ------------------------------------------------------------- Affected software: WinPcap versions affected Confirmed - WinPcap 4.0 and previous WinPcap fixed version stable : WinPcap...
WinPcap NPF.SYS Local Privilege Escalation
WinPcap, a packet capture and filtering engine, is installed on the remote Windows host. The version of WinPcap on the remote host enables a local user to execute arbitrary code in kernel context because it fails to sufficiently sanitize Interrupt Request Packet parameters before passing them to...
Sniffit 0.3.7 FOR NT installation and examples-vulnerabilities-warning-the black bar safety net
Sniffit 0.3.7 launched the NT version, also support WINDOWS2000, I want to hurry to try, because I A friend wanted to install Netxray 3. 0 3 in WIN2K 2000BETA3 equipped not, is probably not supported by WIN2K. So see SNIFFIT NT version I this morning to pull it down. This sniffit need WinPcap...
ARPSniffer get the highest permissions-bug warning-the black bar safety net
Suppose you want to attack the host IP is:61.139.1.79 The same subnet the next, we have the right to limit the host IP is:61.139.1. 8 8 and 3 3 8 9 landing The first step: tracert 61.139.1.1 C:\WIN2000\system32tracert 61.139.1.1 Tracing route to HACK-4FJ7EARC 61.139.1.1 over a maximum of 3 0 hops...
ethereal_slimp3_bof.py.txt
Ethereal SLIMP3 Remote Buffer Overflow PoC Bug Discoverd by Vendor?2005-10-19 Coded by Sowhat http://secway.org 2005-10-20 This PoC will crash the Ethereal Tested with Ethereal 0.10.12, WinPcap 3.1 beta4, WinXP SP2 For educational purpose only, Use at your own risk! Version 0.9.1 to 0.10.12...
Microsoft Windows XP2003 - IPv6 Remote Denial of Service
Microsoft Windows XP2003 - IPv6 Remote Denial of Service // // Example usage: LandIpV6 \Device\NPFB1751317-BAA0-43BB-A69B-A0351960B28D //fe80::2a1:b0ff:fe08:8bcc 135 // // Written by: Konrad Malewski. // include include include include include include...
Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack.
Hi! The land attack described in - http://www.securityfocus.com/archive/1/392354 - is fixed for ipv4 by last security updates, but not for ipv6 protocol. As in IpV4 version of the attack, the build-in firewall has to be turned off to experience the result 1-5 seconds of DoS condition. Tools used:...