Rogueit Posted December 31, 2013 Share Posted December 31, 2013 Does anyone know of a video showing the exploitation of a box using the sliverlight exploit CVE-2013-0074 and CVE-2013-3896? I am concerned that we have a bunch of machines with silverlight versions that fit the profile but without being able to show the danger, it will be hard to convince the department to force upgrade the boxes. Quote Link to comment Share on other sites More sharing options...
no42 Posted December 31, 2013 Share Posted December 31, 2013 CVE-2013-0074 appears to be in Metasploit, get your r00t on: http://www.exploit-db.com/exploits/29858/ This particular exploit should only run on the following versions: 4.0.50401 4.0.60310 4.1.10329 5.0.61118 5.1.10411 Quote Link to comment Share on other sites More sharing options...
Rogueit Posted December 31, 2013 Author Share Posted December 31, 2013 Yeah I set that up and loaded Silverlight 5.0.61118 on a windows 7 x86 box, then set the Metasploit option to 0 (attack the x86 box) and executed "exploit".I then went to the link Metasploit said it was listening on, but I only got an error on the Metasploit server about the client method every time I tried it. So I thought I was doing something wrong. I was curious if anyone had posted a video or had successfully exploited a box with the .rb file loaded into Metasploit. Thank for the reply Rogue Quote Link to comment Share on other sites More sharing options...
no42 Posted December 31, 2013 Share Posted December 31, 2013 This module has been tested successfully on IE6 - IE10, Windows XP SP3 / Windows 7 SP1 on both x32 and x64 architectures. Does your architecture fit these requirements? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.