Windows Print Spooler EnumeratePrintShares buffer overflow

Added: 06/16/2009
CVE: CVE-2009-0228
BID: 35206

Background

The Windows Print Spooler manages the printing process on Windows operating systems.

Problem

A buffer overflow vulnerability in the EnumeratePrintShares function in the Windows Print Spooler service allows arbitrary command execution when a specially crafted ShareName is received from a malicious print server.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 09-022.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=806

Limitations

Exploit works on Windows 2000.

Exploit requires the ability to bind to port 445/TCP on the SAINTexploit host.

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required to run this exploit. These packages are available from http://cpan.org/modules/by-module/.

Platforms

Windows 2000
