module
MS07-029 Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
| Disclosed | Created |
|---|---|
| 2007-04-12 | 2018-05-30 |
Disclosed
2007-04-12
Created
2018-05-30
Description
This module exploits a stack buffer overflow in the RPC interface
of the Microsoft DNS service. The vulnerability is triggered
when a long zone name parameter is supplied that contains
escaped octal strings. This module is capable of bypassing NX/DEP
protection on Windows 2003 SP1/SP2. This module exploits the
RPC service using the \DNSSERVER pipe available via SMB. This
pipe requires a valid user account to access, so the SMBUSER
and SMBPASS options must be specified.
of the Microsoft DNS service. The vulnerability is triggered
when a long zone name parameter is supplied that contains
escaped octal strings. This module is capable of bypassing NX/DEP
protection on Windows 2003 SP1/SP2. This module exploits the
RPC service using the \DNSSERVER pipe available via SMB. This
pipe requires a valid user account to access, so the SMBUSER
and SMBPASS options must be specified.
Authors
hdm x@hdm.io
Unknown
bcoles bcoles@gmail.com
Unknown
bcoles bcoles@gmail.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.