Written on:June 9, 2017
Add One

Derivado de las filtraciones que ha realizado el grupo Shadow Brokers en ellas están contenidos dos tipos de exploit/tool nombradas como EXPLODINGCAN & ESTEEMAUDIT.

Primero que nada es conveniente mencionar que estos exploit solamente afectan las plataformas de Windows Server 2003 R2 y Windows XP, a continuación describiremos cada una de ellas de acuerdo a su propósito y origen.


  • Description:       This vulnerability can be exploited using a PROPFIND HTTP request with a long string value in the IF header, starting with “<http://”.
  • CVE:                      2017-7269
  • SO Affected:     Windows 2003 R2
  • Target:              Internet Information Server (IIS) Ver. 6 with plugin WebDAV
  • Service:            HTTP/HTTPS
  • Exploit public:   YES
  • Complexity:       Medium
  • Authentication:   None
  • Solution:            No solution was available at the time of this entry, upgrade IIS.
  • Workaround:       Disable WebDAV plugin



  • Description:       A remote user can send specially crafted RDP data to trigger an unspecified flaw in a SmartCard authentication function and execute arbitrary code on the target system.
  • CVE:                      2017-9073
  • SO Affected:     Windows XP, Server 2003
  • Target:              RDP
  • Service:            RDP/3389
  • Exploit public:    No
  • Complexity:       Medium
  • Authentication: Simple
  • Solution:           No solution was available at the time of this entry.
  • Workaround:    Disable RDP service



Leave a Comment

Your email address will not be published. Required fields are marked *

%d bloggers like this: