From a5ffe7297f0fa3e25eb21c9a408da1dc18492811 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Thu, 20 Sep 2012 14:52:52 -0500 Subject: [PATCH] Touching up Kernelsmith's wording. It is merely the ROP chain, not the vuln, that requires Java. --- .../exploits/windows/browser/ie_execcommand_uaf.rb | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/modules/exploits/windows/browser/ie_execcommand_uaf.rb b/modules/exploits/windows/browser/ie_execcommand_uaf.rb index 2f48d8575e..26145f29c2 100644 --- a/modules/exploits/windows/browser/ie_execcommand_uaf.rb +++ b/modules/exploits/windows/browser/ie_execcommand_uaf.rb @@ -27,13 +27,15 @@ class Metasploit3 < Msf::Exploit::Remote This module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading - to a use-after-free condition. Please note that this vulnerability has - been exploited in the wild since Sep 14 2012, and there is currently no official - patch for it. + to a use-after-free condition. - This module requires the following dependencies on the target for the ROP chain to function. - For WinXP SP3 with IE8, msvcrt must be present (which it is on default installs). For - Vista/Win7 with IE8 or Win7 with IE9, jre 1.6.x or below must be installed. + Please note that this vulnerability has been exploited in the wild since Sep 14 2012, + and there is currently no official patch for it. + + Also note that presently, this module has some target dependencies for the ROP chain to be + valid. For WinXP SP3 with IE8, msvcrt must be present (as it is by default). + For Vista or Win7 with IE8, or Win7 with IE9, JRE 1.6.x or below must be installed (which + is often the case). }, 'License' => MSF_LICENSE, 'Author' =>
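Review bot: In the added paragraph beginning "Also note that presently, this module has some target dependencies for the ROP chain to be valid", the description never states the point the commit subject makes, namely that only the ROP chain needs Java and the vulnerability does not. A reader who checks a Vista or Win7 host and finds no JRE 1.6.x could still take that as "not affected". Consider adding an explicit sentence such as "The vulnerability itself does not depend on Java; only this module's ROP chain does." Two smaller wording points in the same hunk: "(which is often the case)" is an unquantified claim that the description gives no basis for and could be dropped, and "there is currently no official patch for it" together with "presently" will go stale, so tying the statement to a date would keep the text accurate once a fix ships.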