module
MS07-029 Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
| Disclosed | Created |
|---|---|
| Apr 12, 2007 | May 30, 2018 |
Disclosed
Apr 12, 2007
Created
May 30, 2018
Description
This module exploits a stack buffer overflow in the RPC interface
of the Microsoft DNS service. The vulnerability is triggered
when a long zone name parameter is supplied that contains
escaped octal strings. This module is capable of bypassing NX/DEP
protection on Windows 2003 SP1/SP2. This module exploits the
RPC service using the \DNSSERVER pipe available via SMB. This
pipe requires a valid user account to access, so the SMBUSER
and SMBPASS options must be specified.
of the Microsoft DNS service. The vulnerability is triggered
when a long zone name parameter is supplied that contains
escaped octal strings. This module is capable of bypassing NX/DEP
protection on Windows 2003 SP1/SP2. This module exploits the
RPC service using the \DNSSERVER pipe available via SMB. This
pipe requires a valid user account to access, so the SMBUSER
and SMBPASS options must be specified.
Authors
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.