Yesterday, I started playing around with the MS06-006 vulnerability (the one with the BMP thingie). I must have spent around three hours trying to grab EIP. I gave up after a while because I could not find any constant address. And I just found out today that another person who has been playing around with MS06-006 reached the same conclusion. The crashes were random, and it's not that easy to create a reliable exploit for this. Mostly, it's just a DoS.
So last night, while the girlfriend was watching Brokeback Mountain (I had too much fun creating my own dialogue for the characters; the girlfriend got annoyed since she could not follow the story, so she kicked me out of the TV area), I decided to do the MS06-005 vulnerability, or the Windows-Media-Player-embed-src-vuln-for-other-browsers-except-IE.
Which means, if you're using Firefox or other browsers (I'm not sure exactly which browsers are affected), you had better patch now. The exploit is fairly easy to create and allows for automatic code execution. Spyware, anyone?
Update (JJ, 17 February 2006 17:08:02)
FrSIRT now has a Metasploit plugin for this exploit on their site.