MS08-067 check is python script which can anonymously check if a target machine or a list of target machines are affected by MS08-067 vulnerability.
This tool can be used to anonymously check if a target machine or a list of target machines are affected by MS08-067 issue (Vulnerability in Server Service Could Allow Remote Code Execution).
Usage
$ python ms08-067_check.py -h Usage: ms08-067_check.py [option] {-t |-l } Options: --version show program's version number and exit -h, --help show this help message and exit -d show description and exit -t TARGET target IP or hostname -l LIST text file with list of targets -s be silent
Example output
$ python ms08-067_check.py -t 192.168.123.30 192.168.123.30: VULNERABLE
Note
On Windows XP Service Pack 2 and Windows XP Service Pack 3 this check might lead to a race condition and heap corruption in the svchost.exe process, but it may not crash the service immediately: it can trigger later on inside any of the shared services in the process.
References
- BID: 31874
- CVE: 2008-4250
- http://blogs.technet.com/swi/archive/2008/10/25/most-common-questions-that-we-ve-been-asked-regarding-ms08-067.aspx
- http://www.microsoft.com/technet/security/advisory/958963.mspx
- http://www.phreedom.org/blog/2008/decompiling-ms08-067/
- http://metasploit.com/dev/trac/browser/framework3/trunk/modules/exploits/windows/smb/ms08_067_netapi.rb
- http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html
- http://blogs.securiteam.com/index.php/archives/1150