Posts Tagged ‘remote’

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption

This Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow in a memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with a mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that overflow […]


MS17-010 SMBv1 SrvOs2FeaToNt OOB Remote Code Execution

SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution vulnerability because the application fails to perform adequate boundary checks on user-supplied input. This exploit leverages this vulnerability as described in MS17-010.