This module exploits a stack buffer overflow in the Workstation Service. This service is accessible via several RPC transports: TCP ports 139 and 445.
This module exploits a stack buffer overflow in the Workstation Service. This service is accessible via several RPC transports: TCP ports 139 and 445, dynamically assigned TCP or UDP ports over 1024. When a dynamic port is selected this exploit will try ports in the range from 1024 to 1056, where the WKSSVC is usually listening.
This module exploits a stack based buffer overflow in Microsoft Windows Plug and Play service's umpnpmgr.dll and installs an agent. It overwrites the Exception Handler Registration Record and forces the vulnerable function to crash by corrupting a function argument with an invalid pointer.
TrendMicro ServerProtect 5.58 with security patch 3 installed is prone to a buffer overflow vulnerability on the rpc interface that could permit the execution of arbitrary remote code. This module exploits this vulnerability and installs an agent.
Trend Micro ServerProtect is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This module exploits this vulnerability and installs an agent.
The Windows DCE-RPC Server service is prone to a buffer overflow vulnerability that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This module exploits this vulnerability and installs an agent.
This module exploits a heap based buffer overflow in the function _AddPrinterW in WIN32SPL.DLL (a component of the printer spooler service), reached through an AddPrinter remote request. Before doing so, the module manipulates the heap into a known state by using a memory leak and some other primitives. After this, the agent code is first written into a well-known location and then a function pointer is changed to divert the execution flow into this location.
This module exploits a vulnerability in the Microsoft Windows Server service sending a specially crafted RPC request.
This module exploits a command injection error in the function _AddPrinterW in Samba 3, reached through an AddPrinter remote request. For this exploit to work, the "addprinter command" option must be enabled on smb.conf, the samba configuration file. The agent will normally run as the "nobody" user, and will have limited capabilities.
Novell Client for Netware is prone to a buffer overflow vulnerability on the nwspool.dll that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This module exploits this vulnerability and installs an agent.