Home page logo
/

metasploit logo Metasploit mailing list archives

Re: CVE-2009-3129 and CVE-2010-1297
From: MaXe <metafan () intern0t net>
Date: Wed, 16 Jun 2010 22:59:55 +0200

polychrom () fastmail fm wrote:
Both these exploits used to set reverse connection to specified port,
but is it possible rebuild this exploits to download and execute file
from URL? When payload executed , it will download file from remote URL
and execute it.

Thanks.
------------

On Wed, 16 Jun 2010 14:37 -0500, "Joshua J. Drake"
<jdrake () metasploit com> wrote:
  
    
On Wed, Jun 16, 2010 at 01:34:03PM -0500, polychrom () fastmail fm wrote:
    
      
What commands to use to create Excel and PDF files exploiting
CVE-2009-3129 (Remote exploitation of a memory corruption vulnerability
in Microsoft Excel) and CVE-2010-1297 (Adobe 0 Day by Joshua J. Drake).
When I open console, what is commands to create this exploit files, and
save it on hard drive.
      
        
You can see the commands to execute in the black box via the module
browser on the main site.

http://www.metasploit.com/modules/exploit/windows/browser/adobe_flashplayer_newfunction
http://www.metasploit.com/modules/exploit/windows/fileformat/ms09_067_excel_featheader

-- 
Joshua J. Drake

    
      
  
    
Yes,

It should be possible but what you're trying to do, sounds like
integrating these exploits into a Browser Exploitation Pack / Kit for
malicious purposes?



Best regards,
MaXe
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]