This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
77a69a99c5c235c2339e0f087749f6b147c5953684914f6479b3edef34269f9aThis is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeeds, the system will no longer be able to process authentication requests, denying all attempts to login through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads, however a few problems were encounted when using the equivalent bind payloads. Your mileage may vary.
8d9c928e6cd1a6002436a9b5bc1e9d94a868525515b51e06f0839ad3d7e7a68eExploit for a buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server for versions 2.4.3 and below. Note that the vulnerable code only exists in versions compiled with the --enabled-kbind option.
caeceb13a21843c70ef44e4acb32c112873063011f8be8a62366988ea194cee7There is a remotely exploitable buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server for versions 2.4.3 and below. Note that the vulnerable code only exists in versions compiled with the --enabled-kbind option.
54270c3ab1c76258b3f9b734939eb5302564892ad181533e51b47cc846db885dOpenSSL v0.9.6d and below remote exploit for Apache/mod_ssl servers which takes advantage of the KEY_ARG overflow. Tested against most major Linux distributions. Gives a remote nobody shell on Apache and remote root on other servers. Includes an OpenSSL vulnerability scanner which is more reliable than the RUS-CERT scanner and a detailed vulnerability analysis.
c88611b47510d29c7ffc79305da0f9f807c86eca08d9f8b917f5dc22497b79bfonesixtyone 0.3 is an efficient SNMP scanner which utilizes a sweep technique to achieve good performance. It finds SNMP devices on your network and brute-forces the community strings using a dictionary. It is possible to scan a class B network (65536 ip addresses) in under 13 minutes with a high degree of accuracy. Tested on Linux, FreeBSD, OpenBSD and Solaris.
0baedfe247ea6e07cb88efdc67ca4e7a47bf6457a6de0a5cb0cc8f3851085203Onesixtyone 0.2 is an efficient SNMP scanner which utilizes a sweep technique to achieve good performance. It finds SNMP devices on your network and brute-forces the community strings using a dictionary. It is possible to scan a class B network (65536 ip addresses) in under 13 seconds with a high degree of accuracy.
c38ddf5c0728cab9405505ecd67ca0397428815f22a15c5856c6770b5df41a44This paper describes in detail the exploitation of the libc locale format string vulnerability on Solaris/SPARC. The full source code for the exploit is presented and some details of the implementation are discussed.
7b17fe99c5995c3700f946e8abe827d958a46295cd8e9068e1a590b08b7ef993This article explains the basics of Windows 9x kernel module development and contains the full source of a VXD based loadable kernel module (LKM) named Burning Chrome which captures TCP and dialup traffic and emails captured passwords. It is virtually undetectable with standard windows tools.
87fa9aee4577a7193e8075c35f0eb9896c3eada29f7e2ade9ad39bfb0815ca1aRiched20.dll, which Microsost wordpad uses, is vulnerable to a buffer overflow attack. This paper gives lots of detailed information on of exploiting this vulnerability.
3f1b59360021dd122d37fd44d66487de0c4de9144e6bb58b16b27327eed42ef1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed