A nice little client side exploit here. Download the very latest Quicktime version from Apple.com (3rd Sept 2010) and check for updates to ensure you have the latest version….It is fully exploitable!.
Within Metasploit it creates a webserver that the client must browse to, once the client browses it exploits a vulnerability within Quicktime. It then moves the process ID from iexplore.exe to notepad.exe and close internet explorer, this was the user will probably not be away anything has happened.

Social Sharing