module
NTR ActiveX Control Check() Method Buffer Overflow
| Disclosed | Created |
|---|---|
| 2012-01-11 | 2018-05-30 |
Disclosed
2012-01-11
Created
2018-05-30
Description
This module exploits a vulnerability found in NTR ActiveX 1.1.8. The
vulnerability exists in the Check() method, due to the insecure usage of strcat to
build a URL using the bstrParams parameter contents (note: this is also the reason
why the module won't allow you to modify the URIPATH), which leads to code execution
under the context of the user visiting a malicious web page. In order to bypass
DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.
vulnerability exists in the Check() method, due to the insecure usage of strcat to
build a URL using the bstrParams parameter contents (note: this is also the reason
why the module won't allow you to modify the URIPATH), which leads to code execution
under the context of the user visiting a malicious web page. In order to bypass
DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.
Authors
Carsten Eiram
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.