File Name: | apple_quicktime_marshaled_punk.rb.t..> |
Description: |
This Metasploit module exploits a memory trust issue in Apple QuickTime 7.6.7. When processing a specially crafted HTML page, the QuickTime ActiveX control treats a supplied parameter as a trusted pointer and then uses it as a COM-type pUnknown, which leads to arbitrary code execution. The exploit uses a combination of heap spraying and the QuickTimeAuthoring.qtx module to bypass DEP and ASLR. QuickTimeAuthoring.qtx does not opt in to ASLR, so this Metasploit module should be reliable on all Windows versions. NOTE: The addresses may need to be adjusted for older versions of QuickTime.
Author: | Ruben Santamarta, jduck |
Homepage: | http://www.metasploit.com |
File Size: | 7052 |
Related CVE(s): | CVE-2010-1818 |
Last Modified: | Aug 30 19:00:59 2010 |
MD5 Checksum: | 7ad044f928efe468c6ea9c5cb5d51a74 |