[framework] ms04_031_netdde
Alexander Sotirov
asotirov at determina.com
Tue Feb 27 22:48:48 CST 2007
In MS04-031 Microsoft says:
"After the NetDDE services are started, any anonymous user who could deliver a
specially crafted message to the affected system could attempt to remotely
exploit this vulnerability"
This seems to imply that no authentication is necessary, but the exploit doesn't
work with an anonymous connection. When I run ms04_031_netdde I get:
Exploit failed: The server responded with error: STATUS_ACCESS_DENIED
If I set SMBUSER and SMBPASS, the exploit works, but these two options are not
listed in the exploit info message. Are they really needed, or is there
something I am missing?
Thanks,
Alex
More information about the framework
mailing list