Description: This video shows a demo of the MS09-002 vulnerability in Internet Explorer 7. This vulnerability is relatively simple to exploit, as all an attacker needs to do is somehow lure the victim to view a crafted URL using the affected version of Internet Explorer. In this demo, the author, WirelessPunter shows how this vulnerability can be easily exploited in a LAN environment by DNS poisoning victims so that the web requests are redirected to the attacker's web server. Once the redirection happens, the victim is served the crafted URL because of which Internet Explorer succumbs and spawns a remote shell, which the attacker can use. Also, other ways to exploit this could be to lure the victim to a website which the attacker controls. This is one of those attacks which Phishers and Spammers could kill to get their hands on!
Tags: tools ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.