what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

OSVDB: OSVDB-69796

Internet Explorer CSS Recursive Import Use After Free

Posted Feb 10, 2011

Authored by jduck, d0c_s4vage, passerby | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 'mscorie.dll' module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions with .NET 2.0.50727 installed.

tags | exploit, arbitrary, code execution

systems | windows

advisories | CVE-2010-3971, OSVDB-69796

SHA-256 | b674d10a358ae0670ca3948bd6a75c892483694a88cd9a387e5cafdc4fe93b11

Download | Favorite | View

Internet Explorer CSS Recursive Import Use After Free

Posted Dec 21, 2010

Authored by jduck, WooYun, d0c_s4vage | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution.

tags | exploit, arbitrary, code execution

advisories | OSVDB-69796

SHA-256 | 12a12d587013ccc439d5dea27c029bf2ab86f019a399cc8e641060289dc1aa2f

Download | Favorite | View