Metasploit mailing list archives
ie_createtextrange [Was: Problems getting IE exploits to run]
From: buffer at antifork.org (Angelo Dell'Aera)
Date: Tue, 20 Jun 2006 16:57:03 +0200
On Fri, 16 Jun 2006 00:53:36 -0400 "Wang, Kathy" <knwang at mitre.org> wrote:
Test Case 1:
- Windows XP Professional version 2002 (no patches) as victim machine with IE 6.0.2600.0000 browser
- Metasploit 2.6 on Gentoo Linux host
- Using ie_createtextrange exploit in Metasploit framework
Just a note about this scenario. During a client-side penetration test I did last week I noticed that the exploit doesn't work properly. It seems there's a huge request for heap memory that Windows isn't able to satisfy, thus leading to an IE crash.

Thus I tried modifying the exploit this way - while($memblock.length+$slidesize<0x40000) + while($memblock.length+$slidesize<0x32000) and it seems it works much more reliably even in other scenarios I'm testing these days.

Regards,
--
Angelo Dell'Aera 'buffer'
Antifork Research, Inc. http://buffer.antifork.org
Metro Olografix
PGP information in e-mail header
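Review bot: the new loop bound 0x32000 on the `+` line is a bare magic number, just as 0x40000 was on the `-` line, and nothing in the changed line records why this value was picked. The message explains it only in prose (the larger heap request was not satisfied on the XP test machine and IE crashed), so a one-line comment next to the `while` condition stating that, or a named constant for the limit, would keep the reasoning with the code. The message also reports the value as working "much more reliably" rather than derived from a known limit, so the comment should say it was found by testing.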