Metasploit mailing list archives
Re: Maple
From: Lurene Grenier <pusscat () metasploit com>
Date: Mon, 3 May 2010 10:51:56 -0400
@rpisec should be able to test this for you - hit them on twitter :) On Wed, Apr 28, 2010 at 8:15 PM, scriptjunkie <scriptjunkie1 () googlemail com> wrote:
Tested on Win32. If someone has a linux version of Maple and can test it, please do so. On Wed, Apr 28, 2010 at 5:08 PM, scriptjunkie <scriptjunkie1 () googlemail com> wrote:Maple auth bypass exploit. Standard security settings prevent code from running in a normal maple worksheet without user interaction, but those setting do not apply when double-clicking a .maplet file. This exploits that vulnerability for windows, linux, or just executes a generic command. (I'm sure someone will call it a feature. Either way, it still enables arbitrary code execution.) scriptjunkie_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
-- ~ Lurene _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework