EvilZone

Hacking and Security => Hacking and Security => : proxx June 14, 2013, 06:28:08 AM

: Nifty exploit: Win7 SP1 / Iexplorer8 CVE-2013-2551 and OSVDB-91197
: proxx June 14, 2013, 06:28:08 AM

This is a nifty little exploit.
Packetstorm:

This Metasploit module exploits an integer overflow vulnerability on Internet Explorer. The vulnerability exists in the handling of the dashstyle.array length for vml shapes on the vgx.dll module. This Metasploit module has been tested successfully on Windows 7 SP1 with IE8. It uses the the JRE6 to bypass ASLR by default. In addition a target to use an info leak to disclose the ntdll.dll base address is provided. This target requires ntdll.dll v6.1.7601.17514 (the default dll version on a fresh Windows 7 SP1 installation) or ntdll.dll v6.1.7601.17725 (version installed after apply MS12-001).

http://packetstormsecurity.com/files/121997/ms13_037_svg_dashstyle.rb.txt
http://packetstormsecurity.com/files/download/121997/ms13_037_svg_dashstyle.rb.txt

The list of vuln targets is really impressive.
Whether or not it can be exploited is a second.
http://www.securityfocus.com/bid/58570

Just wanted to share :)

: Re: Nifty exploit: Win7 SP1 / Iexplorer8 CVE-2013-2551 and OSVDB-91197
: Stackprotector June 14, 2013, 09:17:17 AM

It uses the the JRE6 to bypass ASLR by default

That moment when Java even disables the most generic security feature :P