The most infamous remote code execution vulnerability affecting outdated systems is MS08-067, commonly known as netapi or CVE-2008-4250. This vulnerability affects Microsoft Windows 2000, XP, and Windows Server 2003. It has been exploited by attackers for years now, as public exploits are available for both 32- and 64-bit platforms.
This recipe shows how to detect Windows machines vulnerable to MS08-067 with Nmap.
Open your terminal and enter the following Nmap command:
$ nmap -p445 --script smb-vuln-ms08-067 <target>
If the target is vulnerable, you should see a vulnerability report that marks the host as vulnerable and provides additional information about the issue:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
| smb-vuln-ms08-067:
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|...
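When the same check is run across a whole subnet, reading the report by eye does not scale; saving the scan as XML (`-oX scan.xml`) and extracting the hosts the script marked VULNERABLE gives a list that can be fed straight into a patching or isolation ticket. The following parser is an added example, not part of the recipe or of Nmap itself. It assumes the XML layout that Nmap's vulns library emits for this script (a `table` keyed by the CVE holding `title` and `state` elements); the scan document embedded below is constructed for the example, using RFC 5737 TEST-NET addresses.

```python
"""List hosts flagged VULNERABLE by smb-vuln-ms08-067 in an Nmap XML report."""
import xml.etree.ElementTree as ET

# Constructed sample of what
#   nmap -p445 --script smb-vuln-ms08-067 -oX scan.xml <targets>
# writes. The script/table/elem structure follows the vulns library layout;
# that exact layout is an assumption, as are the addresses and hosts below.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/>
      <service name="microsoft-ds"/>
      <script id="smb-vuln-ms08-067" output="VULNERABLE">
        <table key="CVE-2008-4250">
          <elem key="title">Microsoft Windows system vulnerable to remote code execution (MS08-067)</elem>
          <elem key="state">VULNERABLE</elem>
          <table key="ids"><elem>CVE:CVE-2008-4250</elem></table>
        </table>
      </script>
    </port></ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/>
      <service name="microsoft-ds"/>
      <script id="smb-vuln-ms08-067" output="NOT VULNERABLE">
        <table key="CVE-2008-4250">
          <elem key="title">Microsoft Windows system vulnerable to remote code execution (MS08-067)</elem>
          <elem key="state">NOT VULNERABLE</elem>
        </table>
      </script>
    </port></ports>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="filtered"/></port></ports>
  </host>
</nmaprun>
"""


def ms08_067_findings(xml_text):
    """Return {ipv4_addr: state} for every host where the script reported a state.

    Hosts where port 445 was closed or filtered (so the script never ran)
    are left out rather than silently counted as safe.
    """
    root = ET.fromstring(xml_text)
    findings = {}
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for script in host.iter("script"):
            if script.get("id") != "smb-vuln-ms08-067":
                continue
            state_el = script.find(".//elem[@key='state']")
            if state_el is not None and state_el.text:
                findings[addr] = state_el.text.strip()
    return findings


def vulnerable_hosts(xml_text):
    """Sorted list of addresses whose state is exactly VULNERABLE."""
    return sorted(addr for addr, state in ms08_067_findings(xml_text).items()
                  if state == "VULNERABLE")


def unchecked_hosts(xml_text):
    """Hosts present in the scan that produced no script result at all."""
    root = ET.fromstring(xml_text)
    seen = {a.get("addr") for a in root.iter("address") if a.get("addrtype") == "ipv4"}
    return sorted(seen - set(ms08_067_findings(xml_text)))


if __name__ == "__main__":
    print("vulnerable:", vulnerable_hosts(SAMPLE_XML))
    print("no result (recheck):", unchecked_hosts(SAMPLE_XML))
```

Keeping the "no result" hosts separate matters in practice: a host whose SMB port was filtered by a firewall during the scan has not been shown to be patched, only unreachable from the scanner, and should be rechecked from a network position that can reach it.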