Exploits against zeroconf, network printer clients, etc.?

Discussion in 'other security issues & news' started by Gullible Jones, Nov 15, 2012.

Thread Status:
Not open for further replies.
  1. So on Windows you have a bunch of network services and stuff running by default:
    - Zeroconf, I think this is for automatic discovery of shared network devices
    - The print spooler with support for network printers
    - The Microsoft network client, in case you want to join a local network

    There are probably others too... My question is, how exploitable are these services when they do not open listening ports, or when their ports are blocked by a firewall?

    I already know that
    - Conficker exploited a hole in the network client, but IIRC some firewalls could block it.
    - Flame exploited a hole in the print spooler
    - It's sometimes possible to bypass a stateful firewall and attack the open ports underneath

    But how many ITW exploits involve attacking a network service that doesn't listen on a port, or that has its listening port blocked? Such services still parse input, so they're still likely to be vulnerable somehow, right?
  2. Hungry Man (Registered Member)

    May 11, 2011
    If the port is closed the code won't be interacted with or take input. You need to interact with the service to exploit it. All of those services could be exploited locally though if they can be accessed.
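An added example, not from the thread or either poster: a Python script that sorts `netstat -ano` rows for services like those discussed above into remotely reachable listeners, loopback-only listeners, and outbound sessions the service itself opened. The netstat text and the PID-to-service map are constructed sample data, and the function names are this example's own.

```python
# Constructed sample laid out like Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2104
  TCP    192.168.1.20:49712     192.168.1.50:9100      ESTABLISHED     1432
  TCP    192.168.1.20:49733     192.168.1.10:445       ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    2104
  UDP    [::]:5353              *:*                                    2104
"""
# Constructed PID -> service map, as `tasklist /svc` would supply it.
SAMPLE_SERVICES = {912: "RpcSs", 1432: "Spooler", 2104: "Bonjour Service", 4: "System"}
LOOPBACK = {"127.0.0.1", "[::1]"}


def is_bound(row):
    """UDP rows have no state column; TCP rows are bound when LISTENING."""
    return row[0] == "UDP" or row[3] == "LISTENING"


def classify(netstat_text, pid_services):
    """Map service -> listen / loopback / outbound socket lists."""
    rows = [line.split() for line in netstat_text.splitlines()]
    rows = [r for r in rows if r and r[0] in ("TCP", "UDP")]
    # Ports each PID accepts traffic on; sessions on these are inbound.
    bound = {(int(r[-1]), r[1].rsplit(":", 1)[1]) for r in rows if is_bound(r)}
    report = {}
    for r in rows:
        proto, local, remote, pid = r[0], r[1], r[2], int(r[-1])
        host, port = local.rsplit(":", 1)
        entry = report.setdefault(pid_services.get(pid, f"pid {pid}"),
                                  {"listen": [], "loopback": [], "outbound": []})
        if is_bound(r):
            bucket, item = ("loopback" if host in LOOPBACK else "listen"), f"{proto}/{port}"
        elif r[3] == "ESTABLISHED" and (pid, port) not in bound:
            bucket, item = "outbound", remote  # service initiated; it parses replies
        else:
            continue
        if item not in entry[bucket]:  # IPv4 and IPv6 binds of one port count once
            entry[bucket].append(item)
    return report


def client_only(report):
    """Services with no remotely reachable listener that still talk to peers."""
    return sorted(s for s, e in report.items() if e["outbound"] and not e["listen"])


if __name__ == "__main__":
    for service, sockets in classify(SAMPLE_NETSTAT, SAMPLE_SERVICES).items():
        print(service, sockets)
```

On a live host several services can share one svchost.exe PID, so a socket attributed to a PID may belong to any service hosted in that process.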