Author Topic: Nifty exploit: Win7 SP1 / Iexplorer8 CVE-2013-2551 and OSVDB-91197  (Read 871 times)


Offline proxx

This is a nifty little exploit.
Packetstorm:
Quote
This Metasploit module exploits an integer overflow vulnerability on Internet Explorer. The vulnerability exists in the handling of the dashstyle.array length for vml shapes on the vgx.dll module. This Metasploit module has been tested successfully on Windows 7 SP1 with IE8. It uses the JRE6 to bypass ASLR by default. In addition a target to use an info leak to disclose the ntdll.dll base address is provided. This target requires ntdll.dll v6.1.7601.17514 (the default dll version on a fresh Windows 7 SP1 installation) or ntdll.dll v6.1.7601.17725 (version installed after applying MS12-001).

http://packetstormsecurity.com/files/121997/ms13_037_svg_dashstyle.rb.txt
http://packetstormsecurity.com/files/download/121997/ms13_037_svg_dashstyle.rb.txt

The list of vuln targets is really impressive.
Whether or not it can be exploited is a second.
http://www.securityfocus.com/bid/58570

Just wanted to share :)
« Last Edit: June 14, 2013, 06:29:16 am by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Stackprotector

Re: Nifty exploit: Win7 SP1 / Iexplorer8 CVE-2013-2551 and OSVDB-91197
« Reply #1 on: June 14, 2013, 09:17:17 am »
Quote
It uses the JRE6 to bypass ASLR by default

That moment when Java even disables the most generic security feature :P
~Factionwars