Nvidia Mental Ray Satellite Service Arbitrary DLL Injection
The Nvidia Mental Ray Satellite Service listens for control commands on port 7414. When it receives the command to load a DLL (via an UNC path) it will try to connect back to the host on port 7514. If a TCP connection is successful it will then attempt to load the DLL. This module has been tested successfully on Win7 x64 with Nvidia Mental Ray Satellite Service v3.11.1.
- Luigi Auriemma
- Donato Ferrante
- Ben Campbell <eat_meatballs [at] hotmail.co.uk>
- Windows x64
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/misc/nvidia_mental_ray msf exploit(nvidia_mental_ray) > show targets ...targets... msf exploit(nvidia_mental_ray) > set TARGET <target-id> msf exploit(nvidia_mental_ray) > show options ...show and set options... msf exploit(nvidia_mental_ray) > exploit