module
MS10-022 Microsoft Internet Explorer Winhlp32.exe MsgBox Code Execution
| Disclosed | Created |
|---|---|
| 02/26/2010 | 05/30/2018 |
Disclosed
02/26/2010
Created
05/30/2018
Description
This module exploits a code execution vulnerability that occurs when a user
presses F1 on MessageBox originated from VBscript within a web page. When the
user hits F1, the MessageBox help functionality will attempt to load and use
a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server.
This particular version of the exploit implements a WebDAV server that will
serve HLP file as well as a payload EXE. During testing warnings about the
payload EXE being unsigned were witnessed. A future version of this module
might use other methods that do not create such a warning.
presses F1 on MessageBox originated from VBscript within a web page. When the
user hits F1, the MessageBox help functionality will attempt to load and use
a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server.
This particular version of the exploit implements a WebDAV server that will
serve HLP file as well as a payload EXE. During testing warnings about the
payload EXE being unsigned were witnessed. A future version of this module
might use other methods that do not create such a warning.
Authors
Maurycy Prodeusjduck
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/windows/browser/ms10_022_ie_vbscript_winhlp32
msf /(2) > show actions
...actions...
msf /(2) > set ACTION < action-name >
msf /(2) > show options
...show and set options...
msf /(2) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.