CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.1%
Added: 06/16/2009
CVE: CVE-2009-0228
BID: 35206
The Windows Print Spooler manages the printing process on Windows operating systems.
A buffer overflow vulnerability in the EnumeratePrintShares function in the Windows Print Spooler service allows arbitrary command execution when a specially crafted ShareName is received from a malicious print server.
Apply the patch referenced in Microsoft Security Bulletin 09-022.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=806>
Exploit works on Windows 2000.
Exploit requires the ability to bind to port 445/TCP on the SAINTexploit host.
The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required to run this exploit. These packages are available from <http://cpan.org/modules/by-module/>.
Windows 2000