exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files from Derek Soeder

Email addressds.adv.pub at gmail.com
First Active2004-05-13
Last Active2012-09-07
Internet Explorer Script Interjection Code Execution
Posted Sep 7, 2012
Authored by Derek Soeder

The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.

tags | advisory, web, arbitrary, code execution, protocol
systems | windows
SHA-256 | b4b1af1414616836794ade27cea928934b749ebd739b732498a4491702561254
Internet Explorer Script Interjection Code Execution
Posted Aug 17, 2012
Authored by Derek Soeder

The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.

tags | advisory, web, arbitrary, code execution, protocol
systems | windows
SHA-256 | 96288d159c287c058009d8e91825a92c22beb920a6169e740a20af44b919357b
VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory
Posted May 8, 2012
Authored by Derek Soeder

The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven.

tags | advisory
advisories | CVE-2012-1517
SHA-256 | 6b511360ce2598e1deb986ad52df1981db6e70d11d4357b2353ea14c01410c67
VMware Backdoor Response Uninitialized Memory Potential VM Break
Posted May 6, 2012
Authored by Derek Soeder

The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven. In the event that arbitrary code execution in the VMX process is possible, kernel privileges can be obtained on a Windows host by abusing the VMX process's special access to a VMware driver, meaning the maximum possible impact of this vulnerability is elevation from unprivileged guest code execution to host kernel code execution.

tags | exploit, arbitrary, kernel, code execution
systems | windows
advisories | CVE-2012-1516
SHA-256 | faaa583588ea28e78dd0709b7d226804732abda76965a7dc1e8370600d08440f
VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation
Posted Mar 30, 2012
Authored by Derek Soeder

VMware suffers from a backdoor ROM overwrite privilege escalation vulnerability.

tags | exploit
advisories | CVE-2012-1515
SHA-256 | b9592c21e5137b1c05d3912f92d7e5520576843ea7ebeb78d6e4e04c2e626f17
Intuit Help System Protocol File Retrieval
Posted Mar 30, 2012
Authored by Derek Soeder

Intuit Help System suffers from protocol file retrieval vulnerability.

tags | exploit, protocol
SHA-256 | 65677d6250ef2ab1e9b970ddb24217950a01b3edbee65118c3e2ebe4ee508a3d
Intuit Help System Heap Corruption / Memory Leak
Posted Mar 30, 2012
Authored by Derek Soeder

Intuit Help System suffers from protocol URL heap corruption and memory leak vulnerabilities.

tags | exploit, vulnerability, protocol, memory leak
SHA-256 | 28c43548d0a76f1624a1a7bef0b4301fe6ec08af383b75c0a01f373d96370407
createEventObject Pointer Vulnerability Mitigation
Posted Jan 19, 2010
Authored by Derek Soeder

This is another dirty mitigation for another Internet Explorer zero-day vulnerability. This mitigation works by registering as a Browser Helper Object, then modifying MSHTML.DLL in memory to break createEventObject.

SHA-256 | 8c85083512e2220e17ed05326b82b0f41b1ad183aa7d0a19e8113810fac21dad
Microsoft IIS Semi-Colon Mitigation Code
Posted Dec 30, 2009
Authored by Derek Soeder

This code was released to mitigate the Microsoft IIS semi-colon vulnerability. It's intended for IIS 4.0, 5.x, and 6.0.

SHA-256 | 258979f3104b310429262a5ee76831642e3256b938d895463e1848938fa31d00
Internet Explorer MSHTML.DLL Modifier
Posted Nov 23, 2009
Authored by Derek Soeder

This code is for a DLL that loads into Internet Explorer as a BHO and modifies MSHTML.DLL in memory to mitigate attempts by the getElementsByTagName Body Style vulnerability.

SHA-256 | 29e82a2de8203195dcfb1971c885efe9081f588afdf4034ea888c3643b4303b7
vmware-guestescalate.txt
Posted Nov 8, 2008
Authored by Derek Soeder

By exploiting either of the VMware flaws described in this document, user-mode code executing in a virtual machine may gain kernel privileges within the virtual machine, dependent upon the guest operating system. The flaws have been proven exploitable on x64 versions of Windows, and they have produced potentially exploitable crashes on x64 versions of *BSD. The Linux kernel does not allow exploitation of these flaws on x64 versions of Linux.

tags | advisory, kernel
systems | linux, windows, bsd
advisories | CVE-2008-4279, CVE-2008-4915, CVE-2008-3890
SHA-256 | 00028132b68b6b52ccbf9adca27a78831980d6aa94845933c21f512a28b129b3
vmware-emulation.txt
Posted Oct 6, 2008
Authored by Derek Soeder

By exploiting the VMware flaw described in this document, user-mode code executing in a virtual machine may gain kernel privileges within the virtual machine, dependent upon the guest operating system. The flaw has been proven exploitable on x64 versions of Windows, and it has produced potentially exploitable crashes on x64 versions of *BSD. The Linux kernel does not allow exploitation of the flaws on x64 versions of Linux.

tags | advisory, kernel
systems | linux, windows, bsd
advisories | CVE-2008-4279, CVE-2008-3890
SHA-256 | bc46bdf127b13616ebd5b44a7bcba711654e92899537c4c70c898cd5d96217a6
EEYE-VGX.txt
Posted Aug 15, 2007
Authored by Derek Soeder, Ben Nagy | Site eeye.com

eEye Digital Security has discovered a heap overflow vulnerability in VGX.DLL's processing of compressed content referenced from VML. VGX.DLL is the Microsoft component responsible for rendering VML (Vector Markup Language) within Internet Explorer.

tags | advisory, overflow
SHA-256 | 9b1cfee5014a419ac428eac7004f0bbeb5caae72cf8de6073a0fb45a9a602d41
EEYE-csrss.txt
Posted Apr 11, 2007
Authored by Derek Soeder | Site eeye.com

eEye Digital Security has discovered a local privilege escalation vulnerability in Windows Vista that allows a program executing without privileges to fully compromise an affected system. A malicious user or malware program could exploit this vulnerability to execute arbitrary code with SYSTEM privileges within the CSRSS process, permitting the bypass of Vista's vaunted user privilege limitations and administrator approval mode. By establishing and closing multiple connections to CSRSS's "ApiPort", an application may cause a private data structure within CSRSS that describes its process to be used after it has been freed, creating an exploitable "dangling pointer" condition. This vulnerability is entirely separate from the CSRSS NtRaiseHardError message box flaw publicly disclosed in December 2006, although both affect code within the CSRSS process. It is interesting to note that this vulnerability only affects Windows Vista, due to new, flawed code added to CSRSRV.DLL in support of functionality introduced in Vista.

tags | advisory, arbitrary, local
systems | windows
SHA-256 | 9e3f9423f653ac1b326017f5be448337555ba6f9473c7cb24c27270a9d983e2d
EEYE-vdmzero.txt
Posted Apr 11, 2007
Authored by Derek Soeder | Site eeye.com

eEye Digital Security has discovered a local privilege escalation vulnerability in the Windows kernel that allows an unprivileged user with the ability to execute a program to fully compromise an affected system. All x86 versions of Windows up to and including Windows Server 2003 SP2 are vulnerable. The Windows kernel's Virtual DOS Machine (VDM) implementation features a race condition through which a malicious program can modify the first 4KB page of physical memory (also known as the "zero page"). The data in this region of memory is trusted and may be subsequently used by other Virtual DOS Machines, including a VDM instantiated by the Windows kernel as part of hibernating or effecting a blue-screen crash. Exploitation of this vulnerability therefore allows arbitrary code to run within other users' VDM processes, and even within the kernel if hibernation or a blue-screen can be provoked by any available means.

tags | advisory, arbitrary, x86, kernel, local
systems | windows
SHA-256 | caf6c1119af3dab28ff1f2c0a10db34ba618823144b84c2fc3c5d0c70a778133
EEYE-Intel.txt
Posted Dec 8, 2006
Authored by Derek Soeder | Site eeye.com

eEye Digital Security has discovered a vulnerability in all Intel network adapter drivers ("NDIS miniport drivers") that could allow unprivileged code executing on an affected system to gain unfettered, kernel-level access. For instance, a malicious user, malware, or exploit payload taking advantage of an unrelated vulnerability could additionally exploit this vulnerability in order to completely compromise a system at the kernel level.

tags | advisory, kernel
SHA-256 | 6954f6306f926edd1c4a4b0dcac3b5fd90102d5b9255732d3a228f9efd4ef61a
EEYE-adm21x.txt
Posted Dec 7, 2006
Authored by Derek Soeder | Site research.eeye.com

eEye Digital Security has discovered a stack buffer overflow in Adobe Download Manager, a utility typically installed for the purpose of downloading Adobe software such as Adobe (Acrobat) Reader. By opening a malicious AOM file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Adobe Download Manager versions 2.1.x and below are affected.

tags | advisory, overflow, arbitrary
SHA-256 | 5fe805f75d967bc79ae983d8de02831c3dd55807784e321a24b62a1b32608e17
EEYE-MSWS.txt
Posted Nov 16, 2006
Authored by Derek Soeder, JeongWook Matt Oh | Site research.eeye.com

A flaw exists in a default Windows component called the "Workstation Service" that when exploited allows for remote code execution in SYSTEM context, allowing an attacker to take complete control of affected systems. Systems affected include Windows 2000 (Remote Code Execution), Windows XP SP1 (Local Privilege Escalation).

tags | advisory, remote, local, code execution
systems | windows
SHA-256 | 367cc68f34ddc938cf2dcc518afe55cf78d89fa4e11fb54f7de27032d7c6cf8e
EEYEB-20080824.txt
Posted Sep 13, 2006
Authored by Derek Soeder | Site research.eeye.com

eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | 69775c157322e3ccfd4e271a49bc2f9a19813713532ec62e509a70315569839c
EEYE-MS06-042-2.txt
Posted Aug 28, 2006
Authored by Derek Soeder | Site eeye.com

eEye Digital Security has discovered a heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Only Windows 2000 and Windows XP SP1 systems running Internet Explorer 6 SP1 with the MS06-042 patch applied are vulnerable.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | 140740018944f8f8fb1cd1ce93819ababbcebc675a58daa37730a7bec43591c1
EEYE-MS06-042.txt
Posted Aug 27, 2006
Authored by Derek Soeder | Site eeye.com

eEye has confirmed that the Internet Explorer crash vulnerability as described in MS06-042 is indeed exploitable.

tags | advisory
SHA-256 | 25511fcd2687aa34d588259c7d6ccedff89b97a4eb9e6853540042e50efcb196
EEYE-ePolicy.txt
Posted Jul 15, 2006
Authored by Barnaby Jack, Derek Soeder | Site eeye.com

eEye Digital Security has discovered a serious flaw within the Framework Service component of the McAfee EPO management console. The Framework service is enabled and running by default on all servers and agents. The framework service listens by default on port 8081 and accepts requests over the HTTP protocol. The framework service allows for remotely submitting configuration and update changes. Each request is encrypted, SHA-1 hashed and DSA signed, and written to a file on disk. Due to a directory traversal attack, it is possible to write any file with any contents to anywhere on the remote system. This flaw allows a remote attacker to anonymously compromise an affected system and execute code within the SYSTEM context. Systems affected are McAfee Common Management (EPO) Agent versions below version 3.5.5.438.

tags | advisory, remote, web, protocol
SHA-256 | e8932eda7f9807583c185c48202c7d94d5af0ec25e49315aa830489d37bd37ed
AD20060509a.txt
Posted May 21, 2006
Authored by Derek Soeder | Site eeye.com

eEye Digital Security has discovered a second vulnerability in the Microsoft Distributed Transaction Coordinator that could allow an attacker to take complete control over a vulnerable system to which he has network or local access. The vulnerable MSDTC component is an RPC server which is network accessible by default on Windows NT 4.0 Server and Windows 2000 Server systems, over a dynamic high TCP port.

tags | advisory, local, tcp
systems | windows
SHA-256 | 192be6a692079e390dfd075f67d40f516ee863e78178cd3506d900f7f78ed647
EEYEB-20050523.txt
Posted Dec 14, 2005
Authored by Derek Soeder | Site eeye.com

eEye Security Advisory - eEye Digital Security has discovered a local privilege escalation vulnerability in the Windows kernel that could allow any code executing on a Windows NT 4.0 or Windows 2000 system to elevate itself to the highest possible local privilege level (kernel).

tags | advisory, kernel, local
systems | windows
advisories | CVE-2005-2827
SHA-256 | 833bb985f7ebc68cacbf3f7fb0eeed820e4e83d92d17cfe255f77d5fe1397c4f
eEye.WindowsSMB.txt
Posted Feb 23, 2005
Authored by Yuji Ukai, Derek Soeder | Site eeye.com

eEye Security Advisory - eEye Digital Security has discovered a vulnerability in Windows SMB client's handling of SMB responses. An attacker who can cause an affected system to connect to the SMB service on a malicious host may exploit this vulnerability in order to execute code on the victim's machine.

tags | advisory
systems | windows
SHA-256 | fb5cde16136522ffabad3105abe6c68b80f0e9d341455fd15d9d4f83ad98b828
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    31 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close