Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forumdisplay.php?f=56)
-   -   MS10-046 exploit (http://www.go4expert.com/showthread.php?t=27756)

katakana 9Feb2012 10:20
MS10-046 exploit
 
hello i'm new, anyone here know about MS10-046 exploit?

Scripting 9Feb2012 16:35
Re: MS10-046 exploit
 
Yes, I know. It exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path. :)

katakana 10Feb2012 13:35
Re: MS10-046 exploit
 
Quote:
Originally Posted by Scripting (Post 92134)
Yes, I know. It exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path. :)
so it's allow the hacker to modify the service, am i right?

Scripting 10Feb2012 15:13
Re: MS10-046 exploit
 
Yes, exactly.

katakana 16Feb2012 23:00
Re: MS10-046 exploit
 
how to check or scan this vulnerability and how it's work?

Scripting 18Feb2012 19:35
Re: MS10-046 exploit
 
I'm sure you can use Metasploit framework to exploit it. But if you want to get some info about this vulnerability, i'm sure you will find tons on google, try to search.


All times are GMT +5.5. The time now is 01:32.