CVE-2009-2477

This exploit targets CVE-2009-2477, a heap-based buffer overflow in Adobe Reader and Acrobat. It uses JavaScript heap spraying and ROP gadgets to achieve remote code execution, delivering a reverse shell payload.

This Metasploit module exploits a memory corruption vulnerability in Firefox 3.5's JavaScript interpreter, where the escape() function fails to preserve its return value, leading to uninitialized memory usage. The exploit uses heap spraying to achieve remote code execution.

This exploit leverages a heap spray technique to execute arbitrary shellcode in Firefox 3.5 via a crafted HTML page. The shellcode is encoded with Shikata Ga Nai and binds a shell to port 5500.

This exploit leverages a heap spray technique to achieve remote code execution in Firefox 3.5 by triggering a vulnerability in the browser's handling of JavaScript. It delivers a shellcode payload (encoded with Shikata Ga Nai) that binds a shell to port 5500.

This exploit leverages a heap spray technique to trigger a vulnerability in Firefox 3.5, executing arbitrary shellcode (calc.exe) via JavaScript. The PoC demonstrates memory corruption by spraying the heap with NOP sleds and shellcode, then manipulating DOM elements to achieve code execution.

This Metasploit module exploits a memory corruption vulnerability in Firefox 3.5 (CVE-2009-2477) by leveraging a bug in the JavaScript interpreter's handling of the escape() function's return value. It uses heap spraying to achieve remote code execution via a malicious HTML page.