Metasploit mailing list archives
ms09_002 and IE8
From: mtrancer at gmail.com (Trancer)
Date: Thu, 26 Mar 2009 12:06:02 +0200
Among a series of improvements, DEP and ASLR support for example, heap spraying technique won't work for IE8. You can get code execution using Sotirov/Dowd .NET DLL technique (see ie_xml_corruption.rb) for the IE8 beta versions. In the final release of IE8 this technique have been mitigated. Read http://blogs.technet.com/srd/archive/2009/03/23/released-build-of-internet-explorer-8-blocks-dowd-sotirov-aslr-dep-net-bypass.aspx Aczire wrote:
Hi, Just testing ms09_002 with IE8, the interesting thing is, msf created a sessions for me, though not a real one (?). Any way to clearly distinguish between IE7 and IE8? Acz _______________________________________________ http://spool.metasploit.com/mailman/listinfo/framework
-- Trancer 0nly Human.
Current thread:
- MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash Developer Developer (Mar 24)
- MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash H D Moore (Mar 24)
- ms09_002 and IE8 Aczire (Mar 26)
- ms09_002 and IE8 Trancer (Mar 26)
- MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash Ron (Mar 26)
- ms09_002 and IE8 Aczire (Mar 26)
- MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash H D Moore (Mar 24)