Svchost crash after using ReflectiveVNCinject payload.

[hdm at metasploit.com (H D Moore)]

In general, we don't support multiple successful exploit attempts with 
memory corruption modules; sometimes it works out, but often there is some 
kind of process garbage that breaks further attempts to hit the same 
process. We do try to use ExitThread() when possible to prevent the entire 
service from dying, but even that is hit-or-miss (if the shellcode crashes 
before it exits out, that fails too).

-HD


On Sunday 23 November 2008, ???????? wrote:
> Using of payload/windows/reflectivevncinject/reverse_tcp
> with ms08_067_netapi exploit cause svchost.exe crash on
> Windows XP SP3 English after second use.
>
> Event from exploited pc follows:
> Faulting application svchost.exe, version 5.1.2600.5512,
> faulting module ntdll.dll, version 5.1.2600.5594, fault
> address 0x00028bed.