[framework] ie_createtextrange [Was: Problems getting IE exploits to run]

Angelo Dell'Aera buffer at antifork.org
Tue Jun 20 09:57:03 CDT 2006


On Fri, 16 Jun 2006 00:53:36 -0400
"Wang, Kathy" <knwang at mitre.org> wrote:

> Test Case 1:
> - Windows XP Professional version 2002 (no patches) as victim machine
>   with IE 6.0.2600.0000 browser
> - Metasploit 2.6 on Gentoo Linux host
> - Using ie_createtextrange exploit in Metasploit framework

Just a note about this scenario. During a client-side penetration test
I did last week I noticed that the exploit doesn't work properly. It
seems there's a huge request for heap memory that Windows isn't
able to satisfy, thus leading to an IE crash. Thus I tried modifying the
exploit this way:

-    while($memblock.length+$slidesize<0x40000)
+  while($memblock.length+$slidesize<0x32000)
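
Review bot: the added line swaps one bare constant (0x40000) for another (0x32000) in the loop condition with no comment saying why. The message attributes the change to a heap request that Windows could not satisfy on the tested setup, so a one-line comment recording that reason, or a named variable for the limit, would keep the value from looking arbitrary. The added line is also indented two spaces where the removed line had four; keep the original indentation so the change is limited to the constant.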

and it seems it works much more reliably, even in other scenarios I'm
testing these days.

Regards,

-- 

Angelo Dell'Aera 'buffer' 
Antifork Research, Inc.	  	http://buffer.antifork.org
Metro Olografix

PGP information in e-mail header

