Description
This module triggers a kernel pool corruption bug in SRV.SYS. Each call to the mailslot write function results in a two byte return value being written into the response packet. The code which creates this packet fails to consider these two bytes in the allocation routine, resulting in a slow corruption of the kernel memory pool. These two bytes are almost always set to "\xff\xff" (a short integer with value of -1).
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/dos/windows/smb/ms06_035_mailslotmsf undefined(ms06_035_mailslot) > show actions ...actions...msf undefined(ms06_035_mailslot) > set ACTION < action-name >msf undefined(ms06_035_mailslot) > show options ...show and set options...msf undefined(ms06_035_mailslot) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub