infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Redo description

bug/bundler_fix
jvazquez-r7 2015-03-11 18:19:28 -05:00
parent aaabd23707
commit 0e4e264325
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/exploits/windows/fileformat/ms15_020_shortcut_icon_dllloader.rb
View File

@ -18,10 +18,12 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Microsoft Windows Shell LNK Code Execution',
'Description' => %q{
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain an icon resource pointing to a
malicious DLL. This module creates a WebDAV service that can be used
to run an arbitrary payload when accessed as a UNC path.
This module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling
of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious
DLL. This module creates the required files to exploit the vulnerability. They must be
uploaded to an UNC path accessible by the target. This module has been tested successfully
on Windows 2003 SP2 with MS10-046 installed and Windows 2008 SP2 (32 bits) with MS14-027
installed.
},
'Author' =>
[