header-logo
Suggest Exploit
vendor:
Kartoffel
by:
Rubén
8.8
CVSS
HIGH
MS08-066
119
CWE
Product Name: Kartoffel
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2008-4250
CPE: Unknown
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

K-plugin for Kartoffel Exploit

This exploit is related to the MS08-066 bulletin and is a k-plugin for Kartoffel. It exploits a flaw patched in the recent MS08-066 bulletin. Researchers interested in digging a little bit more into this flaw can take a look at afd!AfdGetRemoteAddress and/or check the blog post at http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx

Mitigation:

Patch the vulnerability
Source

Exploit-DB raw data:

Hi,

I have just uploaded a k-plugin for Kartoffel, which exploits a flaw
patched in the recent MS08-066 bulletin.

http://kartoffel.reversemode.com/downloads.php
backup: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6757.zip (2008-afd_plugin.zip)


For those researchers interesting in digging a little bit more into this
flaw, just take a look at afd!AfdGetRemoteAddress and/or check this out

http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx

Regards,
Rubén.

# milw0rm.com [2008-10-15]