Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Yup exploit for MS13-071, in order to trigger the user should open the malicious msf.theme file, and check the Screen Saver tab.
It has been tested on XP SP3 and 2003 SP2 successfully. (Bug related to XP and 2003).
The vulnerability, basically is due to the handling of the screenserver, an arbitrary path can be used, including remote SMB paths. Since an screenserver is just an exe, gameover.
The most interesting about the module is that it's including the SMBServer mixin, and implementing the routines to provide the screen server file! It's the first step towards a mixin which provides a SMB (anonymous) share and configure the files to provide. So in the future the SMB code should be moved to a mixin, but atm, since it's early code, I feel more comfortable with just adding some code to the module, so people can test, fill bugs if it isn't working in any environment, etc. Also, I get a first code review :) So yup, just explaining why it's not in a mixin atm.
The module has two modes: