Rewrite description for MS13-005

Tod Beardsley · Tod Beardsley · commit 5ea67586c897 · 2013-08-05T09:29:29.000-05:00
The first part of the description was copy-pasted from http://packetstormsecurity.com/files/122588/ms13_005_hwnd_broadcast.rb.txt which contained some grammatical errors. Please try to avoid cribbing other researchers' descriptions directly for Metasploit modules.
diff --git a/modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb b/modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb
@@ -22,21 +22,19 @@ def initialize(info={})
 		super( update_info( info,
 			'Name'		=> 'MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation',
 			'Description'	=> %q{
-				The Windows kernel does not properly isolate broadcast messages from low integrity
-				applications from medium or high integrity applications. This allows commands to be
-				broadcasted to an open medium or high integrity command prompts allowing escalation
-				of privileges. We can spawn a medium integrity command prompt, after spawning a low
-				integrity command prompt, by using the Win+Shift+# combination to specify the
-				position of the command prompt on the taskbar. We can then broadcast our command
-				and hope that the user is away and doesn't corrupt it by interacting with the UI.
-				Broadcast issue affects versions  Windows Vista, 7, 8, Server 2008, Server 2008 R2,
-				Server 2012, RT. But Spawning a command prompt with the shortcut key does not work
-				in Vista so you will have to check if the user is already running a command prompt
-				and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded
-				payload from a Web location.  The FILE technique will drop an executable to the
-				file system, set it to medium integrity and execute it. The TYPE technique will
-				attempt to execute a powershell encoded payload directly from the command line but
-				it may take some time to complete.
+				Due to a problem with isolating window broadcast messages in the Windows kernel,
+				an attacker can broadcast commands from a lower Integrity Level process to a
+				higher Integrity Level process, thereby effecting a privilege escalation. This
+				issue affects Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, and
+				RT. Note that spawning a command prompt with the shortcut key combination Win+Shift+#
+				does not work in Vista, so the attacker will have to check if the user is already
+				running a command prompt and set SPAWN_PROMPT false.
+
+				Three exploit techniques are available with this module. The WEB technique will
+				execute a powershell encoded payload from a Web location.  The FILE technique
+				will drop an executable to the file system, set it to medium integrity and execute
+				it. The TYPE technique will attempt to execute a powershell encoded payload directly
+				from the command line, but may take some time to complete.
 			},
 			'License'	=> MSF_LICENSE,
 			'Author'	=>
