  • MS06-025 Microsoft RRAS Service RASMAN Registry Overflow
    Disclosure Date: 2006-06-13
    First seen: 2020-04-26
    exploit/windows/smb/ms06_025_rasmans_reg
    This module exploits a registry-based stack buffer overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password are required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps: creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw. Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Phonebook
    Authors: pusscat <pusscat@metasploit.com>, hdm <x@hdm.io>
  • MS06-025 Microsoft RRAS Service Overflow
    Disclosure Date: 2006-06-13
    First seen: 2020-04-26
    exploit/windows/smb/ms06_025_rras
    This module exploits a stack buffer overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password are required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'.
    Authors: Nicolas Pouvesle <nicolas.pouvesle@gmail.com>, hdm <x@hdm.io>
  • Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
    Disclosure Date: 2005-12-27
    First seen: 2020-04-26
    exploit/windows/browser/ms06_001_wmf_setabortproc
    This module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This module generates a random WMF record stream for each request.
    Authors: hdm <x@hdm.io>, san <san@xfocus.org>, O600KO78RUS <O600KO78RUS@unknown.ru>
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit the Metasploit website for more details.