万壑松风(silvester) http://hi.baidu.com/ccex sf.beyond@gmail.com
研究了两天,此代码利用了IE内存泄露而执行远程代码, 如果代码执行成功, 服务器端则可以对其进行控制, 可以查看删除所有的文件, 查看进程等操作, 每次泄露执行成功的机率大约是30%, 页面关闭后则连接关闭,
测试主机: win2000
浏览器版本: IE6.0.2800.1106
工具: Metasploit Console(Aurora模块)
微软漏洞报告:http://www.microsoft.com/technet/security/advisory/979352.mspx
The vulnerability is an Internet Explorer memory corruption issue triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model (DOM) element. If an attacker is able to prepare memory with attack code, the reference to a random location of freed memory could result in execution of the attacker’s code.
研究了两天,此代码利用了IE内存泄露而执行远程代码, 如果代码执行成功, 服务器端则可以对其进行控制, 可以查看删除所有的文件, 查看进程等操作, 每次泄露执行成功的机率大约是30%, 页面关闭后则连接关闭,
测试主机: win2000
浏览器版本: IE6.0.2800.1106
工具: Metasploit Console(Aurora模块)
微软漏洞报告:http://www.microsoft.com/technet/security/advisory/979352.mspx
The vulnerability is an Internet Explorer memory corruption issue triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model (DOM) element. If an attacker is able to prepare memory with attack code, the reference to a random location of freed memory could result in execution of the attacker’s code.
扫一扫
1231
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
