Monday, July 13, 2009

Exploiting MSVidCtl ActiveX with Metasploit

Recently an exploit for the MSVidCtl component of Microsoft DirectShow was found that causes memory corruption in Internet Explorer 6 and 7, giving a shell on the target box under the IE process. Trancer contributed an exploit module to Metasploit that exploits this vulnerability by creating a crafted GIF image. I would like to cover a simple example of using the exploit and then changing to another Meterpreter session, so that when the targeted Internet Explorer is killed by the user we do not lose shell access. Sadly, migrate does not work: the process is left in such an unstable state that trying to migrate the Meterpreter session tends to kill the session.

We start by running msfconsole after updating Metasploit to the latest dev version:
