Metasploit mailing list archives

Interesting WINS exploit analysis


From: hdm at metasploit.com (H D Moore)
Date: Fri, 21 Jan 2005 03:05:27 -0600

Any chance you could forward me a copy of this off-list? There are
actually two different WINS vulnerabilities: a buffer overflow and an
arbitrary memory overwrite. Supposedly the memory overwrite will only
work on Windows NT 4.0 and Windows 2000. The memory overwrite
vulnerability is the one exploited by the wins_ms04-045.pm module. The
buffer overflow should be portable across OS versions, but I didn't have
time to look into the vector yet. Any traffic dumps and/or code would be
handy :-)

-HD


On Thursday 20 January 2005 20:37, Base64 wrote:
A recent worm that was found exploiting the WINS MS04-045
vulnerability was captured and analyzed by Steve Friedl at Unixwiz.
The exploit code used was dropped by the trojan as a standalone
binary, and contains working(?) targets for several versions of
Windows, including Windows 2003. Friedl includes packet captures and
copies of both the trojan and the exploit binary. It would be very
nice to add these targets to the Metasploit module for this
vulnerability. I will try to look over the code and modify this module
to work on Windows 2003, and any help would be appreciated as I am
somewhat new to vuln-dev. If anyone comes up with anything, please let
us all know. Thanks.

Adrian Castro
