Added module for CVE-2008-2551 #150
Conversation
|
I don't think I can get the file. It keeps giving me a time out: --2012-02-01 20:21:19-- (try:20) http://c6download.alice.it/software/c6tinblast.exe |
|
At this time you've installed the activex I think :P The activex is who is On Thu, Feb 2, 2012 at 5:55 AM, sinn3r <
|
|
Anyway I've inspected HTML source and you should be able to download the Let me know if you can't download and I'll send a copy of the activex :) regards, juan On Thu, Feb 2, 2012 at 5:55 AM, sinn3r <
|
|
Ah okay. I didn't let it install the add-on, that's why. |
|
Nice to listen you could download :) On Thu, Feb 2, 2012 at 9:51 AM, sinn3r <
|
I would like to make a contribution to metasploit with a module for "CVE-2008-2551: Icona SpA C6 Messenger DownloaderActiveX ActiveX Arbitrary Code Execution" with the hope you find it useful.
It's an old vulnerability but it seems exploited by "hierarchy" exploit kit (http://malwareint.blogspot.com/2012/01/hierarchy-exploit-pack-new-crimeware.html). So I suppose it could be useful to someone for testing :). I haven't found it on msf. The abused ActiveX still can be downloaded from: http://c6.community.alice.it/download/c6.html
I've used the symantec_appstream_unsafe.rb by MC as module template. I've tested on IE6, IE7 and IE8 over XP SP3.
With this contrib I would like to try the new github collaboration method for msf too since I haven't tested still! :) Please, let me know if I'm doing anything wrong!
Finally I'm learning and training exploit writing and metasploit dev so any feedback about the code is welcome!
Regards,
juan