[Full-disclosure] Turning SMB client side bug to server side
laurent gaffie
laurent.gaffie at gmail.com
Fri Apr 16 10:50:59 BST 2010
Here's a small technic to compromise via a SMB client side bug the PDC/DMB
by abusing the Browser protocol, with no user interaction at all.
Browser and NBNS abusing is well known since a long time, as theses
protocols wasn't developed with security in mind, this blog post is a simple
real case example.
http://g-laurent.blogspot.com/2010/04/turning-smb-client-bug-to-server-side.html
Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100416/7ca2c087/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.