diff --git a/modules/exploits/windows/browser/ie_execcommand_uaf.rb b/modules/exploits/windows/browser/ie_execcommand_uaf.rb index 7ea5493d5c..a9fc4eab09 100644 --- a/modules/exploits/windows/browser/ie_execcommand_uaf.rb +++ b/modules/exploits/windows/browser/ie_execcommand_uaf.rb @@ -24,21 +24,21 @@ class Metasploit3 < Msf::Exploit::Remote super(update_info(info, 'Name' => "Microsoft Internet Explorer execCommand Use-After-Free Vulnerability ", 'Description' => %q{ - This module exploits a vulnerability found in Microsoft Internet Explorer. When - rendering an HTML page, the CMshtmlEd object gets deleted in an unexpectedly matter, - but the same memory is reused again later in a CMshtmlEd::Exec() function, which - causes an use-after-free condition. Please note that this vulnerability has - been exploited in the wild since Sep 14th 2012, and there is currently no official - patch to it. + This module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When + rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, + but the same memory is reused again later in the CMshtmlEd::Exec() function, leading + to a use-after-free condition. Please note that this vulnerability has + been exploited in the wild since Sep 14 2012, and there is currently no official + patch for it. }, 'License' => MSF_LICENSE, 'Author' => [ - 'unknown', #Someone secret ninja - 'eromang', + 'unknown', # Some secret ninja + 'eromang', # First public discovery 'binjo', - 'sinn3r', #Metasploit - 'juan vazquez' #Metasploit + 'sinn3r', # Metasploit + 'juan vazquez' # Metasploit ], 'References' => [ @@ -68,7 +68,7 @@ class Metasploit3 < Msf::Exploit::Remote [ 'IE 9 on Windows 7', { 'Rop' => :jre, 'Offset' => '0x5fc', 'Random' => true } ] ], 'Privileged' => false, - 'DisclosureDate' => "Sep 14 2012", #When it was spotted in the wild + 'DisclosureDate' => "Sep 14 2012", # When it was spotted in the wild by eromang 'DefaultTarget' => 0)) end