what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files from Cody Pierce

First Active2006-08-18
Last Active2010-07-14
Oracle Secure Backup Scheduler Service Remote Code Execution
Posted Jul 14, 2010
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of commands sent to the obscheduled.exe service listening by default on TCP port 1026, or 1027. Due to a lack of bounds checking on a specific command sequence the program stack can be overwritten with user controlled data. Successful exploitation can lead to remote system compromise under the SYSTEM credentials.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2010-0898
MD5 | 52dcf2ee7632ebaf6818572daef4ac2a
Sophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation
Posted Jun 12, 2010
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

This vulnerability allows local attackers to execute arbitrary code in kernel space on vulnerable installations of Sophos Anti-Virus. Local access to the system is required to leverage the vulnerability. The specific flaw exists in the handling of the system call NtQueryAttributesFile by the filter driver savonaccessfilter.sys. Due to improper handling of parameters to the function pool corruption can occur in kernel space. A local attacker can leverage this to execute arbitrary code in ring 0.

tags | advisory, arbitrary, kernel, local, virus
MD5 | da6648aede8819ac00c9d44844906833
Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution
Posted Feb 10, 2010
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint Viewer. User interaction is required to exploit this vulnerability in that the target must open a malicious PowerPoint PPT file. The specific flaw exists in the handling of TextCharsAtom (0x0fa0) records contained in a PPT file. Due to the lack of bounds checking on the size argument an unchecked memcpy copies user-supplied data from the file to the stack, overflowing key exception structures. Exploitation of this vulnerability can lead to remote compromise of the affected system under the credentials of the currently logged in user.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-0034
MD5 | 5275dff0fa65e6141a8ddb09dcd5348a
Microsoft Windows License Logging Service Heap Corruption
Posted Nov 17, 2009
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required on certain configurations to exploit this vulnerability. The specific flaw exists in the handling of RPC calls to the License Logging Service (llssrv.exe). When processing arguments to the LlsrLicenseRequestW method a character array is expected to contain a terminating null byte. By supplying data that does not end in a null it is possible to overlap a call to lstrcatW, resulting in a heap overflow. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the SYSTEM account.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2009-2523
MD5 | 050e69c37d894fa6b23f500038dee871
NetrGetJoinInformation Heap Corruption
Posted Aug 11, 2009
Authored by Cody Pierce | Site tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Valid user credentials are required to exploit this vulnerability. The specific flaw exists in the Workstation RPC Service. When handling the arguments for the NetrGetJoinInformation function, memory is improperly freed and can lead to remote code execution. Successful exploitation can lead to a remote system compromise under SYSTEM credentials.

tags | advisory, remote, arbitrary, code execution
systems | windows
advisories | CVE-2009-1544
MD5 | 3e898b79f108a4e33b941ece0865a7a7
Microsoft Video Active-X 0-Day Details
Posted Jul 10, 2009
Authored by Cody Pierce | Site tippingpoint.com

This is a complete write up discussing the technical details of the Microsoft Video Active-X control zero day vulnerability.

tags | advisory, activex
MD5 | 1cfda91c9623b360b6e95e519ddf68bd
TPTI-08-07.txt
Posted Oct 15, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows running the Message Queuing service (mqsvc.exe). User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of an RPC request to the Message Queuing Service (mqsvc.exe). By sending a specially crafted RPC request a heap calculation can be controlled and later overflowed during an unchecked string copy operation. By sending a similar request memory can be disclosed to the attacker. Exploitation of the heap overflow leads to full access of the affected system under the SYSTEM context.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2008-3479
MD5 | 2faeb00e2cd02ca785c27c636eb3497d
CAID-scmgw.txt
Posted Jun 5, 2008
Authored by Sebastian Apelt, Cody Pierce | Site www3.ca.com

CA Secure Content Manager contains multiple vulnerabilities in the HTTP Gateway service that can allow a remote attacker to cause a denial of service condition or execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
MD5 | 8ec4ecb144db690c89a16b3fe908a140
TPTI-08-05.txt
Posted Jun 5, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust SCM. Authentication is not required to exploit this vulnerability. The specific flaw exists in the HTTP Gateway service icihttp.exe running on port 8080. When issuing a request for a FTP service the process tries to decorate the contents of the transaction. In this particular case by specifying a overly long response to a LIST command a stack buffer can be overflowed. Successful exploitation can lead to complete system compromise under the SYSTEM context.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2008-2541
MD5 | ed99d87dfb33a248a20b62f8abacab57
TPTI-08-03.txt
Posted Mar 13, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed tag a heap allocation can be adversely controlled. When user supplied data is copied to a heap buffer the resulting data results in a arbitrary memory overwrite. If successfully exploited this could lead to system compromise under the credentials of the currently logged in user.

tags | advisory, remote, arbitrary
advisories | CVE-2008-0116
MD5 | 7d12530a43a2ce9e769aa39d05521eb2
TPTI-08-02.txt
Posted Jan 17, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTL Provider Service, CTLProvider.exe, which binds to TCP port 2444. The service operates over a SSL encrypted transport. Due to a logic flaw in the way data is received in a loop a heap allocation can be arbitrarily overflown resulting in the control of subsequent heap chunks. This can lead to arbitrary code execution. Version 4.1(3) is affected.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
systems | cisco
advisories | CVE-2008-0027
MD5 | 16bae68afdced69de791e3694c1655d4
TPTI-08-01.txt
Posted Jan 16, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Image Descriptor (IDSC) atoms. Specifying a malicious atom size can result in an under allocated heap chunk and subsequently an exploitable heap corruption situation. QuickTime Player version 7.3 and QuickTime PictureViewer version 7.3 are affected.

tags | advisory, arbitrary
systems | apple
advisories | CVE-2008-0033
MD5 | bd2cf318c00dbca727c2bc86358aceb2
TPTI-07-20.txt
Posted Nov 15, 2007
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. QuickTime version 7.2 is affected.

tags | advisory, arbitrary
systems | apple
advisories | CVE-2007-4674
MD5 | 84a8aa55dc1e1a424bd1184790f378bf
TPTI-07-14.txt
Posted Aug 15, 2007
Authored by Pedram Amini, Aaron Portnoy, Cody Pierce | Site dvlabs.tippingpoint.com

Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the OpenView Shared Trace Service. A service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, vulnerability, code execution
advisories | CVE-2007-1676
MD5 | 42bec810b1475c3040bb5b97899fc85d
TPTI-07-13.txt
Posted Jul 25, 2007
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service, ibserver.exe, which binds to TCP port 3050.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2007-3566
MD5 | 8cf4fbcf329b25381c70d8c3caf254d6
TPTI-07-10.txt
Posted Jun 7, 2007
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Centennial Software XferWan. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of overly long requests to the XferWAN process. When logging requests, user-supplied data is copied to the stack resulting in an exploitable buffer overflow condition.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2007-2514
MD5 | 2c7fbf4a0c55259332aff7d6cbcfef25
TSRT-07-03.txt
Posted Apr 2, 2007
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of America Online with Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected software is America Online 9.0 Security Edition.

tags | advisory, arbitrary
advisories | CVE-2006-5820
MD5 | feed154481807e4597344131ae4096a8
TSRT-06-09.txt
Posted Aug 18, 2006
Authored by Cody Pierce | Site tippingpoint.com

An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the DirectAnimation.DATuple ActiveX control when improperly calling the Nth() method. By supplying a positive integer we can control a data reference calculation that is later used to control execution. The problem is due to the lack of sanity checking on the index used during a call to TupleNthBvrImpl::GetTypeInfo() in danim.dll.

tags | advisory, arbitrary, code execution, activex
advisories | CVE-2006-3638
MD5 | 62ebccb883a929d71f78ed572f32721c
TSRT-06-08.txt
Posted Aug 18, 2006
Authored by Cody Pierce | Site tippingpoint.com

An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability can lead to code execution when instantiating the Internet.HHCtrl COM object through Internet Explorer. The flaw exists due to invalid freeing of heap memory when several calls to the "Image" property of the ActiveX control are performed. By abusing the jscript.dll CScriptBody::Release() function user supplied data can be executed.

tags | advisory, arbitrary, code execution, activex
advisories | CVE-2006-3357
MD5 | 7828ca0ead357bb71ab8824fba67dda7
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    14 Files
  • 14
    Jul 14th
    19 Files
  • 15
    Jul 15th
    11 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close