Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption - Metasploit exploit module
The exploit found is used to perform drive-by attacks via compromised Chinese web sites.
Original exploit (as it is in-the-wild) can be found here (shellcode changed to execute calc.exe) - aa.rar.
You can read the translated post here or read this post from ISC diary.
Here’s a Metasploit exploit module I wrote that exploits this vulnerability.
Tested successfully on the following platforms (fully patched 06/07/09):
- Internet Explorer 6, Windows XP SP2
- Internet Explorer 7, Windows XP SP3
Download msvidctl_mpeg2.rb.
Also, if you want to test this vulnerability manually, here’s a little Ruby script I wrote that builds GIF files to trigger the vulnerability:
Download msvidctl_gif.rb.
andry- Moderator
- Posts : 467
Join date : 2010-05-07