This [Metasploit] module exploits a stack overflow in the w22n51.sys driver provided with the Intel 2200BG integrated wireless adapter. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when a 802.11 Probe response frame is received that contains multi vendor specific tag and "\x00" as essid and essid length element. This exploit was tested with version 8.0.12.20000 of the driver and an Intel Centrino 2200BG integrated wireless adapter. Newer versions of the w22n51.sys driver are provided from Intel to resolve this flaw.
Since this vulnerability is exploited via probe response frames, all cards within range of the attack will be affected. Vulnerable clients don't need to have their card in a particular state for this exploit to work.
Authors: oveRet & skape
http://www.milw0rm.com/exploits/5461
No comments:
Post a Comment