关键信息 漏洞名称: ConSentry FIP Server v1.3.7 Beta Buffer Overflow Vulnerability 描述: 通过发送特制的USB数据包到服务器,可以覆盖硬编码的函数指针,从而执行任意代码。 影响版本: ConSentry FIP Server v1.3.7 Beta 平台: Windows XP SP3, Windows Server 2008 披露日期: 2012-06-08 作者: Chao's Huang 模块类型: Exploit::Remote 目标: - Windows XP SP3 - English - Windows Server 2008 - English 功能指针: - Windows XP SP3: 0x7C90E514 (wsock32.dll) - Windows Server 2008: 0x77C21D44 (wsock32.dll) 修复地址: - Windows XP SP3: 0x71AB2626 - Windows Server 2008: 0x71U02031 稳定性: UNKNOWN_STABILITY 副作用: UNKNOWN_SIDE_EFFECTS 默认选项: - EXITFUNC: seh - Platform: win - Payload: windows/meterpreter/reverse_tcp - Space: 1000 - BadChars: "\x00\x0a\x0d" - StackAdjustment: -3500 - DisablePayloadHandler: true