CVE-2005-4696

Microsoft Wireless Zero Configuration - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4696. PoCs published by Laszlo Toth.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in the Wireless Zero Configuration Service (WZCSVC) on Windows XP SP2. It retrieves WPA pre-shared keys and WEP keys by interacting with the wzcsapi.dll RPC interface.

Description

The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Laszlo Toth · c++localwindows

https://www.exploit-db.com/exploits/26323

View Code ZIP pw:eip

This exploit demonstrates an information disclosure vulnerability in the Wireless Zero Configuration Service (WZCSVC) on Windows XP SP2. It retrieves WPA pre-shared keys and WEP keys by interacting with the wzcsapi.dll RPC interface.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows XP SP2

No auth needed

Prerequisites: Local access to the target system

MITRE ATT&CK