Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Maple
From: Lurene Grenier <pusscat () metasploit com>
Date: Mon, 3 May 2010 10:51:56 -0400

@rpisec should be able to test this for you - hit them on twitter :)

On Wed, Apr 28, 2010 at 8:15 PM, scriptjunkie
<scriptjunkie1 () googlemail com> wrote:
Tested on Win32. If someone has a linux version of Maple and can test
it, please do so.

On Wed, Apr 28, 2010 at 5:08 PM, scriptjunkie
<scriptjunkie1 () googlemail com> wrote:
Maple auth bypass exploit. Standard security settings prevent code
from running in a normal maple worksheet without user interaction, but
those setting do not apply when double-clicking a .maplet file. This
exploits that vulnerability for windows, linux, or just executes a
generic command. (I'm sure someone will call it a feature. Either way,
it still enables arbitrary code execution.)

scriptjunkie

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework




-- 
~ Lurene
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


  By Date           By Thread  

Current thread:
  • Maple scriptjunkie (Apr 28)
    • Re: Maple scriptjunkie (Apr 29)
      • Re: Maple Lurene Grenier (May 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault