Latest YouTube Video
Thursday, August 20, 2015
[FD] Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)
Document Title: =============== Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064) References (Source): ==================== http://ift.tt/1TVatLt Video: http://youtu.be/Vkswz7vt23M http://ift.tt/1sAsDia CVE-ID: ======= CVE-2014-6332 Release Date: ============= 2015-08-15 Vulnerability Laboratory ID (VL-ID): ==================================== 1576 Common Vulnerability Scoring System: ==================================== 9.3 Abstract Advisory Information: ============================== The Vulnerability Laboratory discovered remote code execution vulnerability in the Microsoft HTA (HTML Application) - MS14-064. Vulnerability Disclosure Timeline: ================================== 2015-08-15: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka Windows OLE Automation Array Remote Code Execution Vulnerability. Proof of Concept (PoC): ======================= The vulnerbility can be exploited by remote attackers without user interaction or privilege application user accounts. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. Manual steps to reproduce ... 1 . Run php code : php hta.php 2 . Copy this php output (HTML) and Paste as poc.hta (Replace ip) 3 . Open poc.hta 4 . Your Link Download/Execute on your target 5 . Finished ;) #!/usr/bin/php poc