Showing 1 - 25 of 61

Files from Elazar Broad

Email address: elazarb at earthlink.net
First Active: 2007-11-09
Last Active: 2012-06-11
Tom Sawyer Software GET Extension Factory Remote Code Execution
Posted Jun 11, 2012
Authored by rgod, Elazar Broad, juan vazquez | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory due to an incorrect initialization under Internet Explorer. While the Tom Sawyer GET Extension Factory is installed with some versions of VMware Infrastructure Client, this module has been tested only with the versions installed with Embarcadero Technologies ER/Studio XE2 / Embarcadero Studio Portal 1.6. The ActiveX control tested is tsgetx71ex553.dll, version 5.5.3.238. This Metasploit module achieves DEP and ASLR bypass using the well known msvcr71.dll rop chain. The dll is installed by default with the Embarcadero software, and loaded by the targeted ActiveX.

tags | exploit, remote, code execution, activex
advisories | CVE-2011-2217, OSVDB-73211
SHA-256 | 9ea26d2b6cb47fda41b9580e28eab68d2c736833da3e4ee9317fb28219b79c3f
iDEFENSE Security Advisory 2011-05-03.1
Posted Jun 7, 2011
Authored by iDefense Labs, Elazar Broad | Site idefense.com

iDefense Security Advisory 05.03.11 - Remote exploitation of a memory corruption vulnerability in Tom Sawyer Software's GET Extension Factory could allow an attacker to execute arbitrary code with the privileges of the affected user. The vulnerability exists within the way that Internet Explorer instantiates GET Extension Factory COM objects, which are not intended to be created inside of the browser. The object does not initialize properly, and this leads to a memory corruption vulnerability that an attacker can exploit to execute arbitrary code. iDefense has confirmed Tom Sawyer's Default GET Extension Factory 5.5.2.237, tsgetxu71ex552.dll and tsgetx71ex552.dll to be vulnerable. VMWare VirtualCenter 2.5 Update 6 and VirtualCenter 2.5 Update 6a are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2217
SHA-256 | 89e761d3006064aa0cb7047c51e258a8fb835fa7074ae8fa3a7bc2617ae3788a
SapGUI BI 7100.1.400.8 Heap Corruption
Posted Jul 20, 2010
Authored by Elazar Broad

SapGUI BI version 7100.1.400.8 heap corruption exploit that launches calc.exe.

tags | exploit
SHA-256 | 0a2aec950e56fddda7c1b46af3772494756689d2d2fb0233a1faf4ab06f90173
SAPGui BI wadmxhtml.dll Tags Property Heap Corruption
Posted Jul 16, 2010
Authored by Elazar Broad

The SAPGui BI component version 7100.1.400.8 suffers from a heap corruption vulnerability that can result in the execution of arbitrary code.

tags | advisory, arbitrary
SHA-256 | 48281966e185d95a67bcf3b10926975fea33c0f7622999f0956eade3661b272b
WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow
Posted Mar 4, 2010
Authored by Tobias Klein, Elazar Broad, Guido Landi | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in WebEx's WebexUCFObject ActiveX Control. If a long string is passed to the 'NewObject' method, a stack-based buffer overflow will occur when copying attacker-supplied data using the sprintf function. It is noteworthy that this vulnerability was discovered and reported by multiple independent researchers.

tags | exploit, overflow, activex
advisories | CVE-2008-3558
SHA-256 | e43768f68be7b3013f27418eda7f1bf2522747aecec1b523657fd01ec1c70da7
iDEFENSE Security Advisory 2010-03-02.1
Posted Mar 3, 2010
Authored by iDefense Labs, Elazar Broad | Site idefense.com

iDefense Security Advisory 03.02.10 - Remote exploitation of a stack-based buffer overflow vulnerability in IBM Corp.'s Lotus Domino Web Access ActiveX control could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerable function takes an attacker-controlled URL, and copies it into a fixed-size stack buffer. No validation checks are performed on the length of the URL. By passing in a long URL string, it is possible to trigger a stack-based buffer overflow, resulting in the execution of arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, activex
SHA-256 | d7bb11918744f40858388713a6cadb9a010141307cf776efd3f5a90a2856dc85
HP StorageWorks 1/8 G2 Tape Autoloader Privilege Escalation
Posted Jan 11, 2010
Authored by Sh2kerr, Elazar Broad | Site dsecrg.com

HP StorageWorks 1/8 G2 Tape Autoloader suffers from denial of service and privilege escalation vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2009-2680
SHA-256 | 1796e1effd5dcca9f3b5760999cef870ea8e8cc8bf86fbd5442cd59e0b319642
Autodesk IDrop ActiveX Control Heap Memory Corruption
Posted Nov 26, 2009
Authored by Elazar Broad, Trancer | Site metasploit.com

This Metasploit module exploits a heap-based memory corruption vulnerability in Autodesk IDrop ActiveX control (IDrop.ocx) version 17.1.51.160. An attacker can execute arbitrary code by triggering a heap use after free condition using the Src, Background, PackageXml properties.

tags | exploit, arbitrary, activex
SHA-256 | ed9e481ead1489a1daf2b9cee8648d7e139f01c0d32d6ba6537f09d38141d0c1
IBM Lotus Domino Web Access Upload Module Buffer Overflow
Posted Nov 26, 2009
Authored by Elazar Broad | Site metasploit.com

This Metasploit module exploits a stack overflow in IBM Lotus Domino Web Access Upload Module. By sending an overly long string to the "General_ServerName()" property located in the dwa7w.dll and the inotes6w.dll control, an attacker may be able to execute arbitrary code.

tags | exploit, web, overflow, arbitrary
advisories | CVE-2007-4474
SHA-256 | db688071a11a57ace62f20772c549782d9dff2fc8a961055995a997b12f772df
Symantec BackupExec Calendar Control Buffer Overflow
Posted Nov 26, 2009
Authored by Elazar Broad | Site metasploit.com

This Metasploit module exploits a stack overflow in Symantec BackupExec Calendar Control. By sending an overly long string to the "_DOWText0" property located in the pvcalendar.ocx control, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2007-6016
SHA-256 | 35830d0832948d41cb04a73d18bd6db9f598b503253e0032efcd4dafeaae3fbe
iDEFENSE Security Advisory 2009-10-13.2
Posted Oct 14, 2009
Authored by iDefense Labs, Elazar Broad | Site idefense.com

iDefense Security Advisory 10.13.09 - Remote exploitation of a use after free vulnerability in Adobe Systems Inc.'s Acrobat and Reader Firefox plugin could allow an attacker to execute arbitrary code with the privileges of the current user. When Adobe Acrobat/Reader is installed, it also installs various browser plugins that allow PDF documents to be viewed in the browser. This vulnerability occurs within the Firefox browser plugin. The Internet Explorer version is not affected. The vulnerability occurs when Firefox attempts to navigate away from a page and unload the PDF viewing plugin. When Firefox calls the plugin's destroy method, the plugin does not properly free its resources. Specifically, a function pointer for the window update routine is not properly freed. This results in uninitialized memory being used when the window is redrawn, which leads to attacker supplied data being executed when the function pointer is dereferenced. iDefense has confirmed the existence of this vulnerability in Acrobat and Reader versions 8.1.3, 8.1.4, 8.1.5, and 8.1.6. Previous versions are also likely affected. Version 9.1.3 and previous 9.x versions are not affected.

tags | advisory, remote, arbitrary
advisories | CVE-2009-2991
SHA-256 | 26d2526e5fa4a158dc90e307c84a2c19f9b708a1d9689add295e4f768fab5f65
SAP GUI VSFlexGrid Active-X Buffer Overflow
Posted Oct 8, 2009
Authored by Sh2kerr, Elazar Broad | Site dsecrg.com

The VSFLEXGrid component of the SAP GUI is susceptible to a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 04d60f014b9f2a3d08a47e1adb8e4bb8844b3ade41a517d5445b1dd291408bc4
Autodesk IDrop ActiveX Code Execution
Posted Apr 29, 2009
Authored by Elazar Broad

Autodesk IDrop remote code execution Active-X related exploit.

tags | exploit, remote, code execution, activex
SHA-256 | 7c9c190ffc784d425b6ced4e31666ab13e643782cb0241ab22e64961271029ed
Autodesk IDrop Active-X Control
Posted Apr 2, 2009
Authored by Elazar Broad

The Src, Background, PackageXml properties in the Autodesk IDrop Active-X control, IDrop.ocx version 17.1.51.160, can be manipulated to trigger a heap use after free condition resulting in arbitrary remote code execution.

tags | advisory, remote, arbitrary, code execution, activex
SHA-256 | 1fbcf13d54df0e114fd96ea3f5e09559387f9e25c424f2d139670a609329cc27
Belkin BullDog Buffer Overflow
Posted Mar 9, 2009
Authored by Elazar Broad

Belkin BullDog Plus UPS-Service buffer overflow exploit that binds a shell to port 4444.

tags | exploit, overflow, shell
SHA-256 | b618160c09e59803fe7c32c8d7abf7d6978e1c98bf9aa4e15cfffb8fc6be6a40
Imera Code Execution
Posted Mar 3, 2009
Authored by Elazar Broad

The Imera ImeraIEPlugin.dll version 1.0.2.54 suffers from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
SHA-256 | 4fec98095b98c4e50689fb2b454b7ab1bde5684601a56db62c95836de5a60c9c
webex-overflow.txt
Posted Aug 6, 2008
Authored by Elazar Broad

The Webex Meeting Manager utilizes several ActiveX controls, one of which is vulnerable to a stack-based buffer overflow. The atucfobj Module contains a single method called NewObject() whose only parameter is vulnerable to this issue.

tags | advisory, overflow, activex
SHA-256 | 59ed4c8c159f8391f384540b98af79d0c0a34c51e5561014af355d1b1ad355ad
trendmicro-activex.txt
Posted Jul 29, 2008
Authored by Elazar Broad

OfficeScan versions 7.3 build 1343 Patch 4 and below from Trend Micro suffer from an ActiveX related buffer overflow vulnerability.

tags | advisory, overflow, activex
SHA-256 | 0c2b50cf8236ae8bf547a71005cc9d2fd221cd85aa987b33776ee4ecb0137c00
realplayer-exec.txt
Posted Jul 26, 2008
Authored by Elazar Broad

RealPlayer suffers from a vulnerability where the WindowName and Controls properties of rmoc3260.dll do not manage heap memory properly resulting in a use after free condition which can overwrite heap management structures resulting in code execution. RealPlayer 11, 10.5, 10, and Enterprise are all affected.

tags | advisory, code execution
SHA-256 | f4a867bf834fd12002bf185f61e63741d9d542b0daa5b3009f9be2f18b59f04c
realplayer_console.rb.txt
Posted Apr 2, 2008
Authored by Elazar Broad

This Metasploit module exploits a heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code.

tags | exploit, arbitrary, activex
advisories | CVE-2008-1309
SHA-256 | fe18e54c7136e0f4ddd02005a5baa3b152573f829ae72ec39f0b69c9755ba6b6
realplayer-activexexec.txt
Posted Apr 2, 2008
Authored by Elazar Broad

Exploit for the heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code.

tags | exploit, arbitrary, activex
advisories | CVE-2008-1309
SHA-256 | 9c9470fc73ec08b731d851e037405e4cdd3056a7576b171fc5620b4f9224c9bb
realplayer-activex.txt
Posted Mar 13, 2008
Authored by Elazar Broad

The Real Networks RealPlayer ActiveX controller appears to suffer from a heap corruption vulnerability.

tags | advisory, activex
SHA-256 | 9919e8e59146b8fa84af60f145dcf038f509555dc92a70d72cf6abc85bb3d5b5
symantecback-overflow.txt
Posted Mar 3, 2008
Authored by Elazar Broad

Symantec BackupExec Calendar Control (PVCalendar.ocx) buffer overflow exploit that spawns calc.exe or a shell on tcp/4444.

tags | exploit, overflow, shell, tcp
SHA-256 | 7cc83a1c05db405770519c88f6e3ec43de346367d2eeba3e528271a2e98f74c8
move-overflow.txt
Posted Feb 26, 2008
Authored by Elazar Broad

Move Networks Quantum Streaming Player control buffer overflow exploit that makes use of UploadLogs() and spawns calc.exe or a shell on tcp/4444.

tags | exploit, overflow, shell, tcp
SHA-256 | 41972e252273ea4153b87f7b4e73c6695c69ac621662f7c3de0afdde0d621999
citrix-overflow.txt
Posted Feb 13, 2008
Authored by Elazar Broad

Citrix Presentation Server Client WFICA.OCX ActiveX component heap buffer overflow exploit.

tags | exploit, overflow, activex
advisories | CVE-2006-6334
SHA-256 | 1d5f55c08aed2772a1687dc30b77a07987a65136e0be10cbf56ee59a69461f8d
Page 1 of 3