Vulnerability & Exploit Database

Back to search

NTR ActiveX Control StopModule() Remote Code Execution

This module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • Carsten Eiram
  • juan vazquez <juan.vazquez [at]>



  • Automatic
  • IE 6 on Windows XP SP3
  • IE 7 on Windows XP SP3
  • IE 7 on Windows Vista


  • windows



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/browser/ntr_activex_stopmodule msf exploit(ntr_activex_stopmodule) > show targets ...targets... msf exploit(ntr_activex_stopmodule) > set TARGET <target-id> msf exploit(ntr_activex_stopmodule) > show options and set options... msf exploit(ntr_activex_stopmodule) > exploit

Related Modules