Tuesday, July 14, 2009

Metasploit OWC ActiveX Exploit

HD Moore has released a second IE 0 day Metasploit Exploit Module in the past 2 weeks. The Office Web Component Exploit in Metasploit was committed to the Dev 3.3 SVN and will attack the vulnerability on the following platforms:
Windows XP SP0 to SP3 with IE6 or IE7 with Office XP or Office 2003 Installed

The exploit targets a specific spreadsheet component in ActiveX. The code for the whole exploit can be seen in trac.metasploit.com.

To use the exploit we must load it in msfconsole, for this example the console will be ran as root since we want to use port 80 for the exploit handler to listen on. This will ensure success by using the default port 80 for directed attacks as there might be filtering on the target network. We set the exploit and payload:

See here

No comments: