module

MS09-050 Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference

Try Surface Command
Back to search
Disclosed
2009-09-07
Created
2018-05-30

Description

This module exploits an out of bounds function table dereference in the SMB
request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7
release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista
without SP1 does not seem affected by this flaw.

Authors

Laurent Gaffie laurent.gaffie@gmail.com
hdm x@hdm.io
sf stephen_fewer@harmonysecurity.com

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
    msf exploit(ms09_050_smb2_negotiate_func_index) > show targets
        ...targets...
    msf exploit(ms09_050_smb2_negotiate_func_index) > set TARGET < target-id >
    msf exploit(ms09_050_smb2_negotiate_func_index) > show options
        ...show and set options...
    msf exploit(ms09_050_smb2_negotiate_func_index) > exploit
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today