Aim to Exploit MS08-067 Vulnerability of Window XP and Window Server 2003
On 24 October 2008, Microsoft released an out-of-cycle patch that addressed a stack buffer overflow vulnerability in the Microsoft Windows Server service MS08-067, CVE-2008-4250. Per Microsoft, "This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit." Public exploit code and malware began circulating as soon as the patch was released. Microsoft and Symantec provided analysis on malware known as Gimmiv.A. The malware harvests and exfiltrates system information and is able to scan and exploit the MS08-067 vulnerability. The following provides analysis findings for Gimmiv.A.
Those familiar with the ms06-040 attack in Metasploit will notice that, even though there are many similarities in the attack, there are some changes in the implementation in this module. In particular, in the the ‘Targets’ section, we not only see the OS specific memory.address of a desired return-to-lib location, we now also have ‘DisableNX’ for Windows XP SP2 and SP3.
What makes this exploit special is that it bypass DEP and then send the bug string(payload) which is a path function .This vulnerability is result of parsing flaw which allows attacker to exploit it and execute its malicious code by overflowing stack.So in simple works it another example of stack overflow.
Comments
Post a Comment