This Metasploit modules exploits CVE-2020-26950, a use-after-free exploit in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order to construct primitives. The shellcode is forced into executable memory via the JIT compiler, and executed by writing to the JIT region pointer. This exploit does not contain a sandbox escape, so firefox must be run with the MOZ_DISABLE_CONTENT_SANDBOX environment variable set, in order for the shellcode to run successfully. This vulnerability affects Firefox versions prior to 82.0.3, Firefox ESR versions prior to 78.4.1, and Thunderbird versions prior to 78.4.2, however only Firefox versions up to 79 are supported as a target. Additional work may be needed to support other versions such as Firefox 82.0.1.
c5497acbfe1516edccf2f8747d261489391c42dfa92ad82028efc92b075df944Microsoft Internet Explorer 11 use-after free exploit that triggers when Array.sort() is called with a comparator function. The two arguments are untracked by the garbage collector.
b856df963c2e5a28bdae4d1fcd184f26ef11dc132bc8c3968f8124b28ded68ceProof of concept denial of service exploit for the SIGRed vulnerability in Microsoft Windows DNS.
eba3ff09c3866930772b422c95d78138af6485996de36f20c82bb8f455eee6d1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed