MS10-046 exploit

Newbie Member
9Feb2012,10:20   #1
katakana's Avatar
hello i'm new, anyone here know about MS10-046 exploit?
John Hoder
9Feb2012,16:35   #2
Scripting's Avatar
Yes, I know. It exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.
Newbie Member
10Feb2012,13:35   #3
katakana's Avatar
Quote:
Originally Posted by Scripting View Post
Yes, I know. It exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.
so it's allow the hacker to modify the service, am i right?
John Hoder
10Feb2012,15:13   #4
Scripting's Avatar
Yes, exactly.
Newbie Member
16Feb2012,23:00   #5
katakana's Avatar
how to check or scan this vulnerability and how it's work?
John Hoder
18Feb2012,19:35   #6
Scripting's Avatar
I'm sure you can use Metasploit framework to exploit it. But if you want to get some info about this vulnerability, i'm sure you will find tons on google, try to search.