CVE-2019-0708 PoC — Microsoft Remote Desktop Services 资源管理错误漏洞

Source

https://github.com/blacksunwen/CVE-2019-0708

Associated Vulnerability

Title:Microsoft Remote Desktop Services 资源管理错误漏洞 (CVE-2019-0708)
Description:Microsoft Windows和Microsoft Windows Server都是美国微软（Microsoft）公司的产品。Microsoft Windows是一套个人设备使用的操作系统。Microsoft Windows Server是一套服务器操作系统。Remote Desktop Services是其中的一个远程桌面服务组件。 Microsoft Remote Desktop Services中存在资源管理错误漏洞。该漏洞源于网络系统或产品对系统资源（如内存、磁盘空间、文件等）的管理不当。以下

Description

CVE-2019-0708

Readme

# CVE-2019-0708
CVE-2019-0708
python3 check 0708
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

File Snapshot


 [4.0K]  /data/pocs/a16e70d631168223f3976450b5ba214bba55b890
├── [3.3K]  checkms12-020.py
├── [ 30K]  CVE-20190708.py
└── [ 833]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!