Since the SRD is once again downplaying SMB client side bug i think it's important to share this kind of tricks.
It's also important to mention that Browser and NBNS abusing is well known since a long time, as theses protocols wasn't developed with security in mind, this blog post is a simple real case example.
There's two way to automate SMB client side bug;
- NBNS Spoofing (require some "kind" of user interaction in some way, anyways in a corporate network it works pretty well)
- Browser Protocol Abusing (the funny one)
To see more details: