Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

ie7 protected mode

From: hdm at metasploit.com (H D Moore)
Date: Wed, 17 Dec 2008 00:15:30 -0600
On Monday 15 December 2008, reydecopas wrote:

Hi,
 I'm testing the ie_corruption_xml in VISTA ie7

Is it possible to break the protected mode in ie7? because  meterpreter
works great but with Low privilege according ProcessExplorer (
Integrity Low)


I poked around with this but have not found a good way to do it so far. 
The process can read/write to the temporary files directory, read from 
some registry keys, and potentially influence other apps/plugin by 
manipulating configuration files in the user's home directory. The .java 
directory seemed like it might be a good target, but only if java itself 
isn't similarly restricted.

Anyone know of an easy route out of the low-privileged IE7 process?

-HD
Previous By Date Next
Previous By Thread Next

Current thread: