Metasploit modules that can be used to exploit Microsoft » Windows 2003 Server » standard sp1
- MS06-025 Microsoft RRAS Service RASMAN Registry Overflow
  Disclosure Date: 2006-06-13
  First seen: 2020-04-26
  exploit/windows/smb/ms06_025_rasmans_reg
  This module exploits a registry-based stack buffer overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps - creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw. Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Phonebook
  Authors: pusscat <pusscat@metasploit.com>, hdm <x@hdm.io>

- MS06-025 Microsoft RRAS Service Overflow
  Disclosure Date: 2006-06-13
  First seen: 2020-04-26
  exploit/windows/smb/ms06_025_rras
  This module exploits a stack buffer overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'.
  Authors: Nicolas Pouvesle <nicolas.pouvesle@gmail.com>, hdm <x@hdm.io>

- Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
  Disclosure Date: 2005-12-27
  First seen: 2020-04-26
  exploit/windows/browser/ms06_001_wmf_setabortproc
  This module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This module generates a random WMF record stream for each request.
  Authors: hdm <x@hdm.io>, san <san@xfocus.org>, O600KO78RUS <O600KO78RUS@unknown.ru>

3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.