Land #12646, ms04_007 reliability and stability updates

rapid7 · Dec 4, 2019 · faadf8e · faadf8e
2 parents a14df77 + d65757f
commit faadf8e
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/modules/exploits/windows/smb/ms04_007_killbill.rb b/modules/exploits/windows/smb/ms04_007_killbill.rb
@@ -17,7 +17,8 @@ def initialize(info = {})
         Microsoft ASN.1 library. This vulnerability is not related
         to the bit string vulnerability described in eEye advisory
         AD20040210-2. Both vulnerabilities were fixed in the
-        MS04-007 patch.
+        MS04-007 patch.  Windows 2000 SP4 Rollup 1 also patches this
+        vulnerability.
 
         You are only allowed one attempt with this vulnerability. If
         the payload fails to execute, the LSASS system service will
@@ -41,7 +42,6 @@ def initialize(info = {})
           [ 'OSVDB', '3902' ],
           [ 'BID', '9633'],
           [ 'MSB', 'MS04-007'],
-
         ],
       'DefaultOptions' =>
         {
@@ -63,13 +63,18 @@ def initialize(info = {})
             },
           ],
         ],
+      'Notes'          =>
+        {
+          'AKA'         => [ 'kill-bill' ],
+          'Reliability' => [ UNRELIABLE_SESSION ],
+          'Stability'   => [ CRASH_OS_RESTARTS, CRASH_SERVICE_DOWN ]
+        },
       'DisclosureDate' => 'Feb 10 2004',
       'DefaultTarget' => 0))
 
-    register_options(
-      [
-        OptString.new('PROTO', [ true,  "Which protocol to use: http or smb", 'smb']),
-      ])
+    register_options [
+      OptEnum.new('PROTO', [true, 'Which protocol to use', 'smb', %w[smb http]]),
+    ]
   end
 
   # This exploit is too destructive to use during automated exploitation.