module
Quest InTrust Annotation Objects Uninitialized Pointer
Disclosed | Created |
---|---|
2012-03-28 | 2018-05-30 |
Description
This module exploits an uninitialized variable vulnerability in the
Annotation Objects ActiveX component. The ActiveX component loads into memory without
opting into ASLR, so this module exploits the vulnerability against Windows Vista and
Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX
points to part of the ROP chain in a heap chunk and the calculated call will hit the
pivot in a separate heap chunk. This will take some time in the user's browser.
Authors
rgod rgod@autistici.org
mr_me steventhomasseeley@gmail.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
