Description: This module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF file to embed the specially crafted MSComctlLib.ListViewCtrl.2 control, as exploited in the wild in April 2012. This module targets Office 2007 and Office 2010. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses “msgr3en.dll”, which is loaded only after Office itself has loaded, so the malicious file must be opened through “File / Open” to achieve exploitation.
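For triage of incoming documents, the embedding described above can be checked statically. The following is an added example, not code from the video or from Metasploit: it assumes the class name is visible either in an RTF `\objclass` group or in the OLE 1.0 header at the start of the `\objdata` hex stream. The function names are hypothetical, and the sample documents are constructed and contain only an object header.

```python
import re

TARGET_CLASS = "MSComctlLib.ListViewCtrl.2"  # ProgID named in the description
_OBJDATA = re.compile(r"\\objdata\b([^{}\\]*)", re.IGNORECASE)
_OBJCLASS = re.compile(r"\\\*\\objclass\s+([^{}\\]+)", re.IGNORECASE)


def ole1_class_name(blob):
    """ClassName from an OLE 1.0 ObjectHeader: OLEVersion(4) FormatID(4),
    then a 4-byte little-endian length and a NUL-terminated ANSI string."""
    if len(blob) < 12:
        return None
    length = int.from_bytes(blob[8:12], "little")
    if not 0 < length <= 256 or len(blob) < 12 + length:
        return None
    return blob[12:12 + length].rstrip(b"\x00").decode("latin-1")


def embedded_classes(rtf_text):
    """Class names declared via \\objclass or carried in \\objdata headers."""
    found = {m.group(1).strip() for m in _OBJCLASS.finditer(rtf_text)}
    for m in _OBJDATA.finditer(rtf_text):
        # Keep only hex digits (whitespace is legal inside the hex stream).
        digits = re.sub(r"[^0-9a-fA-F]", "", m.group(1))
        digits = digits[: len(digits) // 2 * 2]
        name = ole1_class_name(bytes.fromhex(digits))
        if name:
            found.add(name)
    return found


def is_flagged(rtf_text):
    return TARGET_CLASS.lower() in {c.lower() for c in embedded_classes(rtf_text)}


def _constructed_rtf(cls, declare=False):
    """Constructed sample: header-only object, no control data or payload."""
    raw = cls.encode("ascii") + b"\x00"
    hdr = b"\x01\x05\x00\x00\x02\x00\x00\x00" + len(raw).to_bytes(4, "little") + raw
    objclass = "{\\*\\objclass " + cls + "}" if declare else ""
    return "{\\rtf1{\\object\\objocx" + objclass + "{\\*\\objdata " + hdr.hex() + "}}}"


SAMPLE_LISTVIEW = _constructed_rtf(TARGET_CLASS)
SAMPLE_DECLARED = "{\\rtf1{\\object\\objocx{\\*\\objclass " + TARGET_CLASS + "}}}"
SAMPLE_PACKAGE = _constructed_rtf("Package", declare=True)
```

A hit only means the ListView control is embedded and the file deserves closer inspection; RTF that splits the hex stream with control words or nested groups will not be decoded by this simple pattern.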
Tags: Metasploit, ipv6, microsoft
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Hey, I have a question. I have updated my Metasploit; I see exploit/windows/fileformat/ms12_027_mscomctl_bof in the dir but can't use it on the Metasploit console :( help me please
@Armitage1989
I had the same issue: msf > search ms12-027 did not find anything. msf now requires v0.11 or higher of the ruby pg gem for database support.
apt-get install gem (I've got 10 new lib's upd.)
gem install rubygems-update
gem install pg
- it will vary depending on what box you have,
now msfconsole is still not happy, now it wants me to install the postgresql adapter, but fck that, it's working, including the exploit above
just mess around and it will work eventually, as always :)
ok thanks for info