infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Language on MS12-005

unstable
Tod Beardsley 2012-06-13 14:21:56 -05:00
parent 99b9261294
commit 15b674dab3
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/windows/fileformat/ms12_005.rb
View File

@ -22,9 +22,9 @@ class Metasploit3 < Msf::Exploit::Remote
This module exploits a vulnerability found in Microsoft Office's ClickOnce
feature. When handling a Macro document, the application fails to recognize
certain file extensions as dangerous executables, which can be used to bypass
the warning message. This allows you to trick your victim into opening the
malicious document, which will load up either a python or ruby payload based on
your choosing, and then finally download and execute our executable.
the warning message. This can allow attackers to trick victims into opening the
malicious document, which will load up either a python or ruby payload, and
finally, download and execute an executable.
},
'License' => MSF_LICENSE,
'Author' =>
@ -247,4 +247,4 @@ mbp:win7_diff sinn3r$ diff patch/GetCurrentIcon.c vuln/GetCurrentIcon.c
---
> if ( IsProgIDInList(0, result, extList, 0x11u) || !SHGetFileInfoW(pszPath, 0x80u, &psfi, 0x2B4u, 0x110u) )
31c31
=end
=end