Vendor: Windows 7/2008
By: sleepya
CVSS: 8.1 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Windows 7/2008
Affected Version From: Windows 7 SP1 x64, Windows 2008 R2 SP1 x64, Windows 7 SP1 x86, Windows 2008 SP1 x64, Windows 2008 SP1 x86
Affected Version To: Windows 7 SP1 x64, Windows 2008 R2 SP1 x64, Windows 7 SP1 x86, Windows 2008 SP1 x64, Windows 2008 SP1 x86
Patch Exists: YES
Related CVE: CVE-2017-0143
CPE: o:microsoft:windows_7::sp1:x64, o:microsoft:windows_7::sp1:x86, o:microsoft:windows_server_2008::r2:sp1:x64, o:microsoft:windows_server_2008::sp1:x64, o:microsoft:windows_server_2008::sp1:x86
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2017

EternalBlue exploit for Windows 7/2008 by sleepya

EternalBlue exploit for Windows 7/2008 by sleepya is a buffer overflow exploit that uses the HAL heap (address 0xffffffffffd00010 on x64) to place a fake struct and shellcode. The exploit trick is the same as in the NSA exploit, and the overflow happens in the nonpaged pool. The exploit uses SMB_COM_TRANSACTION2 to allocate the srvnet buffer and SMB_COM_NT_TRANSACT to control the srvnet buffer.

Mitigation:

Apply the latest security patches from Microsoft and disable the SMBv1 protocol.

Exploit-DB raw data: