Vulnerability & Exploit Database

NTR ActiveX Control Check() Method Buffer Overflow

This module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, which uses strcat insecurely to build a URL from the contents of the bstrParams parameter (this is also why the module does not allow you to modify the URIPATH). The resulting buffer overflow leads to code execution in the context of the user visiting a malicious web page. To bypass DEP and ASLR on Windows Vista and Windows 7, JRE 6 is needed.
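The bug class described above, as an added example that is not code from the NTR control or from the Metasploit module: an unbounded strcat into a fixed buffer next to a length-checked builder that fails closed. The function names, the 256-byte buffer size and the example.invalid base URL are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_MAX 256                               /* assumed size, not from the page */
#define BASE "http://example.invalid/check?"      /* constructed placeholder URL */

/* Pattern the description names: caller data appended with no length check. */
void build_url_unsafe(char *url, const char *base, const char *params)
{
    strcpy(url, base);
    strcat(url, params);   /* params longer than the space left writes past url[] */
}

/* Hardened form: format with a bound, reject anything that would not fit. */
int build_url_checked(char *url, size_t url_size, const char *base, const char *params)
{
    int n;
    if (url == NULL || url_size == 0 || base == NULL || params == NULL)
        return -1;
    n = snprintf(url, url_size, "%s%s", base, params);
    if (n < 0 || (size_t)n >= url_size) {
        url[0] = '\0';     /* never hand back a silently truncated URL */
        return -1;
    }
    return 0;
}

/* Constructed input: short parameter string that fits. */
int demo_short(void)
{
    char url[URL_MAX];
    return build_url_checked(url, sizeof url, BASE, "id=1") == 0
        && strcmp(url, BASE "id=1") == 0;
}

/* Constructed input: 1000-byte parameter string, larger than the buffer. */
int demo_long(void)
{
    char url[URL_MAX], params[1001];
    memset(params, 'A', 1000);
    params[1000] = '\0';
    return build_url_checked(url, sizeof url, BASE, params) == -1 && url[0] == '\0';
}

int main(void)
{
    char url[URL_MAX];
    build_url_unsafe(url, BASE, "id=1");   /* in bounds only because the input is short */
    printf("%s short=%d long=%d\n", url, demo_short(), demo_long());
    return 0;
}
```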

Module Name

exploit/windows/browser/ntr_activex_check_bof

Authors

  • Carsten Eiram
  • juan vazquez <juan.vazquez [at] metasploit.com>

Targets

  • IE 6 on Windows XP SP3
  • Automatic
  • IE 7 on Windows XP SP3
  • IE 8 on Windows XP SP3
  • IE 7 on Windows Vista
  • IE 8 on Windows Vista
  • IE 8 on Windows 7
  • IE 9 on Windows 7

Platforms

  • windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/browser/ntr_activex_check_bof
msf exploit(ntr_activex_check_bof) > show targets
    ...targets...
msf exploit(ntr_activex_check_bof) > set TARGET <target-id>
msf exploit(ntr_activex_check_bof) > show options
    ...show and set options...
msf exploit(ntr_activex_check_bof) > exploit
