Hero Member

Posts: 625

Joined: Sat Apr 17, 2010 12:12 pm

Post Wed Oct 24, 2012 3:16 pm


This bulletin was just posted: ... n/MS12-054

I see that the vulnerability is in the way that MS implements the Remote Access Protocol, some form of the RDP protocol if my understanding is correct. My question is, besides RE'ing the fix when it is released, how does one go about building an exploit for this vulnerability? At first I thought just manipulating the packets themselves would be enough, but I have no idea how one would generate application-specific packets... I'm not trying to do so, but I am trying to understand the process.




Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Oct 24, 2012 6:55 pm

Re: MS12-054

That was actually posted back in August. I think you may be confusing this with the RDP bug 12-020.

Regardless, with any of these bulletins the process varies. Sometimes the bulletin will provide SOME detail or some vague idea of what was reported. More often than not, they hardly say anything specific.

In the case of protocol bugs, you would just need to know how the protocol works and begin fuzzing. RDP is very complex and getting 12-020 to be exploitable never hit a public exploit database. There are rumors that one is available though.

To generate application-specific packets, you can use tools like scapy. Scapy allows you to create any type of packet you want. Understanding how the protocol works would be critical though, otherwise your packets won't matter.

I'm not trying to do so, but I am trying to understand the process.

Why not?! That would be quite a notch in the belt...

PS - A little more info on the bulletin you mentioned (12-054) ... worms.aspx
