Trend Micro blogged about this vulnerability (CVE-2015-2509 / MS15-100) a few days ago. This vulnerability is related to the Hacking Team leaked email addresses. The issue is so trivial that exploitation is a piece of cake.

 
Source: https://technet.microsoft.com/en-us/library/security/ms15-100
 
 

Based on the PoC and description, we just need to create a simple MCL file that contains our executable path and presto, it works.

The caveat for this attack is that you cannot pass an argument, such as `cmd.exe /c ipconfig`, in the MCL file. However, we can execute our payload externally via a UNC path provided by a simple SMB server. The steps required:

1. Generate the evil payload EXE.
2. Set up an SMB listener.
3. Create an MCL file that points to the evil payload.
4. Profit.

I use Impacket SMB Server to simulate the steps above. If you are a bit creative, we can use the DLL hijacking method to cloak our payload.

Better patch it up fast.
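A detection sketch for the UNC-path execution described above, added here as an example and not part of the original post. It assumes process-creation records reduced to the Sysmon-style `Image` and `ParentImage` fields, that Media Center's `ehshell.exe` is the parent of the launched program, and a hypothetical allowlist; the sample events, addresses and host names are constructed.

```python
import ntpath

# Assumption: Media Center runs as ehshell.exe and is the parent process of
# whatever program an opened .mcl file starts.
MEDIA_CENTER = "ehshell.exe"

def is_unc(path):
    """True when the path names a network share, not a local drive."""
    p = path.replace("/", "\\").lower()
    if p.startswith("\\\\?\\unc\\"):           # long-form UNC prefix
        return True
    return p.startswith("\\\\") and not p.startswith(("\\\\?\\", "\\\\.\\"))

def classify(event, allowed=frozenset()):
    """Return 'high', 'review' or None for one process-creation record."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent != MEDIA_CENTER:
        return None                             # not started by Media Center
    image = event.get("Image", "")
    if is_unc(image):
        return "high"                           # executable loaded from a remote share
    if ntpath.basename(image).lower() not in allowed:
        return "review"                         # local child outside the baseline
    return None

def triage(events, allowed=frozenset()):
    """Collect (severity, image path) for every record worth an analyst's time."""
    hits = []
    for event in events:
        severity = classify(event, allowed)
        if severity:
            hits.append((severity, event["Image"]))
    return hits

# Constructed sample records (field names follow Sysmon process-creation events).
EHSHELL = r"C:\Windows\ehome\ehshell.exe"
SAMPLE_EVENTS = [
    {"ParentImage": EHSHELL, "Image": r"\\198.51.100.7\share\update.exe"},
    {"ParentImage": EHSHELL, "Image": r"C:\Windows\ehome\ehexthost.exe"},
    {"ParentImage": EHSHELL, "Image": r"C:\Users\u\AppData\Local\Temp\a.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"\\fileserver\tools\setup.exe"},
]
BASELINE = {"ehexthost.exe"}  # assumed allowlist; build yours from observed data

if __name__ == "__main__":
    for severity, image in triage(SAMPLE_EVENTS, BASELINE):
        print(severity, image)
```
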
