
Quest InTrust Annotation Objects Uninitialized Pointer

Disclosed
2012-03-28
Created
2018-05-30

Description

This module exploits an uninitialized variable vulnerability in the
Annotation Objects ActiveX component. The ActiveX component loads into memory without
opting into ASLR, so this module exploits the vulnerability against Windows Vista and
Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX
points to part of the ROP chain in a heap chunk and that the calculated call hits the
pivot in a separate heap chunk. This will take some time in the user's browser.
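
For defenders auditing installed ActiveX components, the missing ASLR opt-in described above can be read directly from a DLL's PE headers. The following is an added example, not code from the module or from Rapid7; the function names and the sample header bytes are constructed for illustration.

```python
import struct
import sys

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # DllCharacteristics bit (/DYNAMICBASE)


def aslr_status(pe: bytes) -> str:
    """Classify a PE image as 'aslr', 'no-aslr' or 'relocs-stripped'."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF header
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0" or opt + 72 > len(pe):
        raise ValueError("bad PE signature or truncated headers")
    size_opt, characteristics = struct.unpack_from("<HH", pe, e_lfanew + 20)
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B) or size_opt < 72:
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        return "no-aslr"
    if characteristics & IMAGE_FILE_RELOCS_STRIPPED:
        return "relocs-stripped"  # opted in, but the image cannot be rebased
    return "aslr"


def build_sample(dll_chars: int, characteristics: int = 0x2102) -> bytes:
    """Constructed PE32 headers for testing (not a loadable file)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, characteristics)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                print(f"{aslr_status(fh.read())}\t{path}")
            except ValueError as err:
                print(f"skipped ({err})\t{path}")
```

Run it with one or more DLL paths as arguments; any file reported as no-aslr or relocs-stripped loads at a predictable address and is a candidate for vendor patching or removal.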

Authors

rgod rgod@autistici.org
mr_me steventhomasseeley@gmail.com

Platform

Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/windows/browser/intrust_annotatex_add
msf exploit(intrust_annotatex_add) > show targets
...targets...
msf exploit(intrust_annotatex_add) > set TARGET <target-id>
msf exploit(intrust_annotatex_add) > show options
...show and set options...
msf exploit(intrust_annotatex_add) > exploit
