Internet Explorer version detection & ROP generation

Written by ZD. Posted in Blog

Hello all


Once upon a time I was writing an exploit for Internet Explorer. The problem with exploiting IE was that I had no way to detect the exact version of the mshtml.dll module, so my ROP gadgets worked only for one exact version of the unpatched DLL. To overcome this hurdle and write exploits that work on every unpatched system, I had to solve two problems:

- Find a way to detect the mshtml module version
- Automatically generate ROP gadgets for an archive of mshtml.dll versions