module
NTR ActiveX Control Check() Method Buffer Overflow
| Disclosed | Created |
|---|---|
| Jan 11, 2012 | May 30, 2018 |
Disclosed
Jan 11, 2012
Created
May 30, 2018
Description
This module exploits a vulnerability found in NTR ActiveX 1.1.8. The
vulnerability exists in the Check() method, due to the insecure usage of strcat to
build a URL using the bstrParams parameter contents (note: this is also the reason
why the module won't allow you to modify the URIPATH), which leads to code execution
under the context of the user visiting a malicious web page. In order to bypass
DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.
vulnerability exists in the Check() method, due to the insecure usage of strcat to
build a URL using the bstrParams parameter contents (note: this is also the reason
why the module won't allow you to modify the URIPATH), which leads to code execution
under the context of the user visiting a malicious web page. In order to bypass
DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.
Authors
Carsten Eiram
juan vazquez [email protected]
juan vazquez [email protected]
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.