Email address | private |
---|---|
First Active | 2010-02-10 |
Last Active | 2010-10-20 |
MS10-070 ASP.NET auto-decryptor file download proof of concept exploit.
583ab327079e0f73d7b6ed0c839ab545a54adb9b2e531b103d46a58fa7667610
Microsoft ASPX padding Oracle proof of concept exploit.
c3a9002ff5395b015576ac90d9ff8fbd8d6778358850b25ad001ce45e972dfd4
Flaws in Microsoft's implementation of the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges/nonces and an information leak allow an unauthenticated remote attacker without any kind of credentials to access the SMB service of the target system under the credentials of an authorized user. Depending on the privileges of the user, the attacker will be able to obtain and modify files on the target system and execute arbitrary code. Proof of concept exploit included.
6b3ebf2a7a39c7c5203cde6f4027d748b138e372cc4996244b973486d32706b4