Metasploit mailing list archives
Re: new adobe exploit
From: Lurene Grenier <pusscat () metasploit com>
Date: Wed, 6 Jan 2010 08:23:00 -0500
The exploit relies on a heap spray and some heap grooming that seems to move around a bit on different language packs. The version posted was tested on XPSP3 (no DEP) with acrord 9.2. Are the machines you guys are testing on equipped with hardware DEP? If so, we're out of luck until someone has the time to implement the ret-spray, heap flip, ret2lib chained attack style sploit. If not, let me know version numbers and language packs and I'll take a look.

On Tue, Jan 5, 2010 at 8:08 PM, Brian Milliron <antechrist () io com> wrote:

> Kudos to the dev team on the new doc.media.newPlayer exploit. I didn't even notice it had been added to the build until now. I can't wait to test it out. Will let you know what versions I test.
>
> FYI, here is an analysis of some highly sophisticated wild code for this exploit which is using an egg hunt to execute multiple payloads and then opens a valid pdf after crashing the reader so the user doesn't notice anything.
> http://isc.sans.org/diary.html?storyid=7867
>
> Cheers,
> Brian

--
~ Lurene
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework