MS10-020

This bug was discovered back in december 2009, and patched by microsoft in April 2010.
This issue is a basic stack overflow affecting only windows 7/2008R2 smb1 implementation.
It’s actually a nice bug as the affected function is not protected by a canary, and allow us to redirect the flow anywhere we want to.
You can find the full advisory about this bug here : http://seclists.org/fulldisclosure/2010/Apr/201
Have phun !
PoC url : http://pastebin.com/h3jSyJTN

Print Share Comment Cite Upload Translate

APA

() » MS10-020. Retrieved from https://www.truth.cx/2010/04/17/ms10-020/.

MLA

" » MS10-020." - , https://www.truth.cx/2010/04/17/ms10-020/

HARVARD

» MS10-020., viewed ,

VANCOUVER

- » MS10-020. [Internet]. [Accessed ]. Available from: https://www.truth.cx/2010/04/17/ms10-020/

CHICAGO

" » MS10-020." - Accessed . https://www.truth.cx/2010/04/17/ms10-020/

IEEE

" » MS10-020." [Online]. Available: https://www.truth.cx/2010/04/17/ms10-020/. [Accessed: ]

Select a language: Afrikaans Albanian Arabic Armenian Basque Bengali Bulgarian Catalan Cambodian Chinese (Mandarin) Croatian Czech Danish Dutch English Estonian Fiji Finnish French Georgian German Greek Gujarati Hebrew Hindi Hungarian Icelandic Indonesian Irish Italian Japanese Javanese Korean Latin Latvian Lithuanian Macedonian Malay Malayalam Maltese Maori Marathi Mongolian Nepali Norwegian Persian Polish Portuguese Punjabi Quechua Romanian Russian Samoan Serbian Slovak Slovenian Spanish Swahili Swedish Tamil Tatar Telugu Thai Tibetan Tonga Turkish Ukrainian Urdu Uzbek Vietnamese Welsh Xhosa This bug was discovered back in december 2009, and patched by microsoft in April 2010.<br />This issue is a basic stack overflow affecting only windows 7/2008R2 smb1 implementation.<br />It's actually a nice bug as the affected function is not protected by a canary, and allow us to redirect the flow anywhere we want to.<br />You can find the full advisory about this bug here : http://seclists.org/fulldisclosure/2010/Apr/201<br />Have phun !<br />PoC url : http://pastebin.com/h3jSyJTN<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/__1-6-1is-1Y/S8nCSlrscJI/AAAAAAAAAG0/6rLXQQ0TDDs/s1600/Windows7-32-2010-04-17-16-52-17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/__1-6-1is-1Y/S8nCSlrscJI/AAAAAAAAAG0/6rLXQQ0TDDs/s320/Windows7-32-2010-04-17-16-52-17.png" /></a></div> First name:

Last name: