Update information about original discovery

Update info about original discovoery. See #2337 too.
bug/bundler_fix
sinn3r 2013-09-13 10:42:11 -05:00
parent 705e262061
commit 4847976995
1 changed files with 10 additions and 4 deletions

View File

@ -31,17 +31,21 @@ class Metasploit3 < Msf::Exploit::Remote
context of the user.
This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update.
Jose Antonio Vazquez Gonzalez and reported to iDefense, but was discovered again
by Orange Tsai at Hitcon 2013.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Orange Tsai', # Original discovery, PoC
'Peter Vreugdenhil', # Joins the party (wtfuzz)
'sinn3r' # Joins the party
'Jose Antonio Vazquez Gonzalez', # Original discovery reported from iDefense
'Orange Tsai', # Rediscovery, published at Hitcon 2013
'Peter Vreugdenhil', # Joins the party (wtfuzz)
'sinn3r' # Joins the party
],
'References' =>
[
[ 'CVE', '2013-3163' ],
[ 'OSVDB', '94981' ],
[ 'MSB', 'MS13-055' ],
[ 'URL', 'https://speakerd.s3.amazonaws.com/presentations/0df98910d26c0130e8927e81ab71b214/for-share.pdf' ]
],
@ -75,6 +79,8 @@ class Metasploit3 < Msf::Exploit::Remote
'InitialAutoRunScript' => 'migrate -f'
},
'Privileged' => false,
# Bug was patched in July 2013. Tsai was the first to publish the bug.
# But Jose already reported way back in Oct 2012 (to iDefense)
'DisclosureDate' => "Jul 09 2013",
'DefaultTarget' => 0))
end