module
Quest InTrust Annotation Objects Uninitialized Pointer
| Disclosed | Created |
|---|---|
| Mar 28, 2012 | May 30, 2018 |
Disclosed
Mar 28, 2012
Created
May 30, 2018
Description
This module exploits an uninitialized variable vulnerability in the
Annotation Objects ActiveX component. The ActiveX component loads into memory without
opting into ALSR so this module exploits the vulnerability against windows Vista and
Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX
points to part of the ROP chain in a heap chunk and the calculated call will hit the
pivot in a separate heap chunk. This will take some time in the users browser.
Annotation Objects ActiveX component. The ActiveX component loads into memory without
opting into ALSR so this module exploits the vulnerability against windows Vista and
Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX
points to part of the ROP chain in a heap chunk and the calculated call will hit the
pivot in a separate heap chunk. This will take some time in the users browser.
Authors
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.