Add MS15-100 Microsoft Windows Media Center MCL Vulnerability #5971

wchen-r7 · 2015-09-11T20:11:02Z

This is the shortest MSFT exploit I've ever written.

Start a Win 7 SP1 (x86) test box
rvmsudo msfconsole
run windows/fileformat/ms15_100_mcl_exe, it will generate a mcl file
drag and drop the mcl file to the windows box, double click on it, click yes for the prompt, and then the payload should be executed.

After you apply the patch, the payload will not execute, and eventually it will say "cannot run file://..." or something like that.

firefart · 2015-09-11T20:46:00Z

Why not run powershell with an encoded msf payload or smth similar?

wchen-r7 · 2015-09-11T20:47:54Z

Did not figure out how to pass an argument. Wanna try? :-)

firefart · 2015-09-11T21:01:56Z

just tried it and it looks like it only works without parameters :(

firefart · 2015-09-12T10:18:15Z

@wchen-r7 should we unregister the FILE_CONTENTS option for this module?

wchen-r7 · 2015-09-13T04:32:32Z

That's true, it shouldn't be there. Gone now!

firefart · 2015-09-13T15:01:07Z

Thanks @wchen-r7 :)

firefart · 2015-12-09T21:18:07Z

wchen-r7 · 2015-12-10T00:33:06Z

I saw. Thanks.

Add MS15-100 Microsoft Windows Media Center MCL Vulnerability

0105309

wchen-r7 added the module label Sep 11, 2015

No FILE_CONTENTS option

ae5aa8f

wchen-r7 added the feature label Sep 13, 2015

firefart self-assigned this Sep 13, 2015

firefart merged commit ae5aa8f into rapid7:master Sep 13, 2015

firefart added a commit that referenced this pull request Sep 13, 2015

Land #5971, MS15-100 Win Media Center MCL Vuln

8ffcdbb

Provide feedback