MS14-009 .NET Deployment Service IE Sandbox Escape

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class Metasploit3 'dfsvc' = '4.0.30319.17929.17', 'mscorlib' =...

MS14-009 .NET Deployment Service IE Sandbox Escape Exploit

This Metasploit module abuses a process creation policy in the Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The problem exists in the .NET Deployment Service dfsvc.exe, which can be run as Medium Integrity Level. Further...