CVE-2007-2221

Microsoft Windows Media Server - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2221. PoCs published by Andres Tarasco.

AI-analyzed exploit summary This exploit leverages a vulnerability in mdsauth.dll (CVE-2007-2221) to arbitrarily modify files via the NMSA Session Description Object's SaveAs method. It demonstrates file overwrite by saving session data to c:\boot.ini.

Description

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andres Tarasco · htmlremotewindows

https://www.exploit-db.com/exploits/3892

View Code ZIP pw:eip

This exploit leverages a vulnerability in mdsauth.dll (CVE-2007-2221) to arbitrarily modify files via the NMSA Session Description Object's SaveAs method. It demonstrates file overwrite by saving session data to c:\boot.ini.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows with mdsauth.dll (pre-MS07-027 patch)

No auth needed

Prerequisites: Vulnerable version of mdsauth.dll · User interaction to open the HTML file

MITRE ATT&CK