This is a re-creation of a classic Internet Explorer heap overflow exploit from an older era, when exploitation techniques were far simpler and relied on tricks like heap sprays and BSTR length overflows (most of which are infeasible today).
While initially experimenting with this genre of old classics I studied quite a few of the Metasploit modules and found some very unsatisfactory. MS12-037 in particular, I felt, was lacking enough in its Metasploit rendition to merit a re-creation. My variation of the exploit contains bug fixes, as well as a memory leak for ASLR bypass and pseudo-dynamic ROP chain creation.
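The two additions named above, a memory leak for ASLR bypass and a ROP chain rebased on that leak, are easiest to see on a toy model. The C program below is an added illustration and not the exploit code described on this page: it lays out a BSTR (4-byte length prefix, then UTF-16 data) next to a COM-style object on a fake heap, smashes only the BSTR's length prefix the way a heap overflow would, reads "past the end" of the string to pick up the neighbour's vtable pointer, subtracts the pointer's known RVA to recover the module base, and rebases a fixed list of gadget RVAs on it. The module base, vtable RVA and gadget RVAs are all made-up constants, and the 32-bit pointers are modelled as uint32_t so the program runs on any host.

```c
/* Added example (not the page's exploit code): models the
 * "BSTR length overflow -> memory leak -> rebased ROP chain" technique
 * on a fake heap. Every address and RVA below is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BSTR_CHARS 8

/* A BSTR: 4-byte length in bytes, followed by UTF-16 data and a terminator. */
typedef struct {
    uint32_t len;
    uint16_t data[BSTR_CHARS + 1];
} bstr_t;

/* A COM-style object whose first field is its vtable pointer (32-bit model). */
typedef struct {
    uint32_t vtable;
    uint32_t refcount;
} obj_t;

/* Two chunks that ended up adjacent on the heap (e.g. after a spray). */
typedef struct {
    bstr_t str;
    obj_t  obj;
} heap_region_t;

/* Assumed (constructed) facts about the target module: the vtable and the
 * gadgets live at fixed RVAs, so one leaked pointer gives the whole base. */
#define ASSUMED_MODULE_BASE 0x7C340000u
#define VTABLE_RVA          0x00001234u
static const uint32_t GADGET_RVAS[] = { 0x1111u, 0x2222u, 0x3333u };
#define NUM_GADGETS (sizeof GADGET_RVAS / sizeof GADGET_RVAS[0])

/* Fresh region: an 8-char BSTR of 'A's next to a live object. */
void init_region(heap_region_t *h)
{
    memset(h, 0, sizeof *h);
    h->str.len = BSTR_CHARS * 2;
    for (size_t i = 0; i < BSTR_CHARS; i++) h->str.data[i] = 'A';
    h->obj.vtable = ASSUMED_MODULE_BASE + VTABLE_RVA;
    h->obj.refcount = 1;
}

/* The script engine trusts the length prefix when it services a read.
 * Returns the dword at byte_off into the string data; *ok is 0 if the
 * read fell outside the claimed length (or outside our fake heap). */
uint32_t bstr_read_dword(const heap_region_t *h, size_t byte_off, int *ok)
{
    size_t data_off = offsetof(heap_region_t, str) + offsetof(bstr_t, data);
    *ok = 0;
    if (byte_off + 4 > h->str.len) return 0;            /* the only real check */
    if (data_off + byte_off + 4 > sizeof *h) return 0;  /* keep the model in bounds */
    uint32_t v;
    memcpy(&v, (const uint8_t *)h + data_off + byte_off, 4);
    *ok = 1;
    return v;
}

/* Model of the heap overflow: it clobbers only the BSTR length prefix. */
void overflow_bstr_length(heap_region_t *h, uint32_t new_len)
{
    h->str.len = new_len;
}

/* Read past the real string into the neighbour's vtable pointer. */
uint32_t leak_vtable(const heap_region_t *h, int *ok)
{
    size_t data_off   = offsetof(heap_region_t, str) + offsetof(bstr_t, data);
    size_t vtable_off = offsetof(heap_region_t, obj) + offsetof(obj_t, vtable);
    return bstr_read_dword(h, vtable_off - data_off, ok);
}

/* Module base = leaked pointer - its known RVA inside the module. */
uint32_t module_base_from_leak(uint32_t leaked_vtable)
{
    return leaked_vtable - VTABLE_RVA;
}

/* "Pseudo-dynamic" chain: fixed gadget RVAs rebased on the leaked base. */
size_t build_rop_chain(uint32_t base, uint32_t *chain, size_t max)
{
    size_t n = NUM_GADGETS < max ? NUM_GADGETS : max;
    for (size_t i = 0; i < n; i++) chain[i] = base + GADGET_RVAS[i];
    return n;
}

/* End-to-end helpers: whether the leak is refused on an intact BSTR,
 * the value leaked after the overflow, and one rebased chain entry. */
int leak_allowed_before_overflow(void)
{
    heap_region_t h; int ok; init_region(&h); leak_vtable(&h, &ok); return ok;
}
uint32_t leak_after_overflow(void)
{
    heap_region_t h; int ok; init_region(&h);
    overflow_bstr_length(&h, 0xFFFFu);
    return leak_vtable(&h, &ok);
}
uint32_t chain_entry_after_overflow(size_t i)
{
    uint32_t chain[8];
    size_t n = build_rop_chain(module_base_from_leak(leak_after_overflow()), chain, 8);
    return i < n ? chain[i] : 0;
}

int main(void)
{
    printf("intact BSTR: leak %s\n", leak_allowed_before_overflow() ? "allowed" : "refused");
    uint32_t v = leak_after_overflow();
    printf("leaked vtable 0x%08x -> module base 0x%08x\n", v, module_base_from_leak(v));
    for (size_t i = 0; i < NUM_GADGETS; i++)
        printf("chain[%zu] = 0x%08x\n", i, chain_entry_after_overflow(i));
    return 0;
}
```

The point the model makes is that the length prefix is the only bounds check the string read has, so corrupting it turns an adjacent-object read into a pointer leak, and because the vtable RVA is fixed per module build, the chain only has to be written once in terms of RVAs and rebased at runtime. In a real exploit the hard parts this model skips are getting the two allocations adjacent (the heap spray) and making the overflow stop at the length field.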
This is a re-creation of an exploit for a classic Internet Explorer use-after-free vulnerability and was the first (and simplest) exploit I've ever written. It relies on a hardcoded ROP chain built from gadgets within the non-ASLR CRT DLL shipped with old versions of the Java Runtime Environment.
The UAF itself is so basic that all it allows for is an EIP hijack, which is why I did not make any upgrades to it. I highly suggest mastering this exploit to any beginner in memory corruption exploits, particularly heap corruption/UAF. Its simplicity lends itself well to analysis and understanding, and there are several good analyses of it already in existence.