Language on MS12-005
parent
99b9261294
commit
15b674dab3
|
@ -22,9 +22,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
This module exploits a vulnerability found in Microsoft Office's ClickOnce
|
||||
feature. When handling a Macro document, the application fails to recognize
|
||||
certain file extensions as dangerous executables, which can be used to bypass
|
||||
the warning message. This allows you to trick your victim into opening the
|
||||
malicious document, which will load up either a python or ruby payload based on
|
||||
your choosing, and then finally download and execute our executable.
|
||||
the warning message. This can allow attackers to trick victims into opening the
|
||||
malicious document, which will load up either a python or ruby payload, and
|
||||
finally, download and execute an executable.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
@ -247,4 +247,4 @@ mbp:win7_diff sinn3r$ diff patch/GetCurrentIcon.c vuln/GetCurrentIcon.c
|
|||
---
|
||||
> if ( IsProgIDInList(0, result, extList, 0x11u) || !SHGetFileInfoW(pszPath, 0x80u, &psfi, 0x2B4u, 0x110u) )
|
||||
31c31
|
||||
=end
|
||||
=end
|
||||
|
|
Loading…
Reference in New Issue