CVE-2019-0768 PoC — Microsoft Internet Explorer 输入验证错误漏洞

Source

https://github.com/ruthlezs/ie11_vbscript_exploit

Associated Vulnerability

Title:Microsoft Internet Explorer 输入验证错误漏洞 (CVE-2019-0768)
Description:A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

Description

Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11)

Readme

# IE11 VBScript Exploit
Exploit Generator for CVE-2018-8174 &amp; CVE-2019-0768 (RCE via VBScript Execution in IE11)

# Prerequisite
- Metasploit
- msfvenom

# Usage
python ie11_vbscript.py [Listener IP] [Listener Port]

# Instruction
1. Use this script to generate "exploit.html"
2. Host the html file on your server
3. Setup a handler with windows/meterpreter/reverse_tcp in Metasploit
4. In your handler, set AutoRunScript with "post/windows/manage/migrate"
5. Perform social engineering attack with the payload url

# Credit
https://www.exploit-db.com/exploits/44741

# CVEs
https://nvd.nist.gov/vuln/detail/CVE-2018-8174
https://nvd.nist.gov/vuln/detail/CVE-2019-0768

File Snapshot


 [4.0K]  /data/pocs/fd705dd501037bc02b1c96f3f0bfebc13e24d3b5
├── [ 10K]  ie11_vbscript.py
├── [1.0K]  LICENSE
└── [ 673]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!