From 11c2662a40040f5b26f1ed00046c3cd429a0905a Mon Sep 17 00:00:00 2001
From: dmiller
Date: Sat, 20 Aug 2016 00:08:00 +0000
Subject: [PATCH] Avoid integer overflow in signed pack by using literal string

---
 scripts/smb-vuln-ms10-061.nse | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/smb-vuln-ms10-061.nse b/scripts/smb-vuln-ms10-061.nse
index 24424bbdf..75920deac 100644
--- a/scripts/smb-vuln-ms10-061.nse
+++ b/scripts/smb-vuln-ms10-061.nse
@@ -109,7 +109,8 @@ aka "Print Spooler Service Impersonation Vulnerability."
   local lanman_result
   local REMSmb_NetShareEnum_P = "WrLeh"
   local REMSmb_share_info_1 = "B13BWz"
-  status, lanman_result = msrpc.call_lanmanapi(smbstate,0,REMSmb_NetShareEnum_P,REMSmb_share_info_1,bin.pack("ss",0x01,65406))
+  status, lanman_result = msrpc.call_lanmanapi(
+    smbstate, 0, REMSmb_NetShareEnum_P, REMSmb_share_info_1, "\x01\x00\x7e\xff")
   if status == false then
     stdnse.debug1("SMB: " .. lanman_result)
     stdnse.debug1("SMB: Looks like LANMAN API is not available. Try setting printer script arg.")
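Review bot: The literal `"\x01\x00\x7e\xff"` on the added continuation line drops the self-description that `bin.pack("ss", 0x01, 65406)` carried, so a reader can no longer see that the argument is two little-endian 16-bit words (1 and 65406, i.e. 0xff7e) or what they mean to the call; given the `WrLeh` descriptor on the line above they are presumably the info level and the receive-buffer length. A short comment on the new line would keep that, e.g. `-- two LE uint16 words: level 1, receive-buffer length 0xff7e (65406); literal avoids bin.pack's signed-short overflow`. If the project's Lua provides `string.pack`, `string.pack("<I2I2", 1, 65406)` would state the same thing in code without the overflow, though that is a preference rather than a defect. The enclosing function starts and ends outside the hunk.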