** HEADS UP ** NEW WINDOWS SSDP AND UPnP exploit
Results 1 to 2 of 2

Thread: ** HEADS UP ** NEW WINDOWS SSDP AND UPnP exploit

  1. #1
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003

    ** HEADS UP ** NEW WINDOWS SSDP AND UPnP exploit

    Greeting's

    There is a new windows vulnerability found :


    1. General overview :

    http://www.frsirt.com/english/advisories/2006/0417


    2. Proof of concept :

    http://www.frsirt.com/exploits/20060202.SrvCheck.c.php


    3. Technical detail paper (good read) :

    http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf



    This vulnerability is regarded as MODERATE and ** CANNOT ** be exploited REMOTELY.
    No patch from microsoft till now.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Nice....

    If I read this correctly it's got nothing to do with SSDP and/or uPnP as a service but it's related to the access controls on starting, stopping and changing the actual executable that gets run..

    It could also be service XX installed by vendor YY that has these same access control mistakes..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •