module
MS10-022 Microsoft Internet Explorer Winhlp32.exe MsgBox Code Execution
| Disclosed | Created |
|---|---|
| 2010-02-26 | 2018-05-30 |
Disclosed
2010-02-26
Created
2018-05-30
Description
This module exploits a code execution vulnerability that occurs when a user
presses F1 on MessageBox originated from VBscript within a web page. When the
user hits F1, the MessageBox help functionality will attempt to load and use
a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server.
This particular version of the exploit implements a WebDAV server that will
serve HLP file as well as a payload EXE. During testing warnings about the
payload EXE being unsigned were witnessed. A future version of this module
might use other methods that do not create such a warning.
presses F1 on MessageBox originated from VBscript within a web page. When the
user hits F1, the MessageBox help functionality will attempt to load and use
a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server.
This particular version of the exploit implements a WebDAV server that will
serve HLP file as well as a payload EXE. During testing warnings about the
payload EXE being unsigned were witnessed. A future version of this module
might use other methods that do not create such a warning.
Authors
Maurycy Prodeus
jduck jduck@metasploit.com
jduck jduck@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.