MS08-067 check

This tool can be used to anonymously check if a target machine or a list of target machines are affected by MS08-067 issue (Vulnerability in Server Service Could Allow Remote Code Execution).

Usage

$ python ms08-067_check.py -h
Usage: ms08-067_check.py [option] {-t |-l }

Options:
  --version   show program's version number and exit
  -h, --help  show this help message and exit
  -d          show description and exit
  -t TARGET   target IP or hostname
  -l LIST     text file with list of targets
  -s          be silent

Example

$ python ms08-067_check.py -t 192.168.123.30
192.168.123.30: VULNERABLE

Note

On Windows XP Service Pack 2 and Windows XP Service Pack 3 this check might lead to a race condition and heap corruption in the svchost.exe process, but it may not crash the service immediately: it can trigger later on inside any of the shared services in the process.

References

• BID: 31874
• CVE: 2008-4250
• http://blogs.technet.com/swi/archive/2008/10/25/most-common-questions-that-we-ve-been-asked-regarding-ms08-067.aspx
• http://www.microsoft.com/technet/security/advisory/958963.mspx
• http://www.phreedom.org/blog/2008/decompiling-ms08-067/
• http://metasploit.com/dev/trac/browser/framework3/trunk/modules/exploits/windows/smb/ms08_067_netapi.rb
• http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html
• http://blogs.securiteam.com/index.php/archives/1150