Files from Haifei Li

First Active: 2009-02-06
Last Active: 2017-04-24

Microsoft Office Word Malicious Hta Execution
Posted Apr 24, 2017
Authored by Haifei Li, Didier Stevens, sinn3r, Nixawk, ryHanson, vysec, wdormann | Site metasploit.com

This Metasploit module creates a malicious RTF file that, when opened in vulnerable versions of Microsoft Word, will lead to code execution. The flaw exists in how an olelink object can make an HTTP(S) request and execute HTA code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. This Metasploit module was created by reversing a public malware sample.

tags | exploit, web, code execution
advisories | CVE-2017-0199
MD5 | 22d66842eeda59c2f386116bd2c8a720
Microsoft Outlook HTML Email Denial Of Service
Posted Mar 28, 2017
Authored by Haifei Li

Microsoft Outlook suffers from an HTML email denial of service vulnerability.

tags | exploit, denial of service
MD5 | 1de2caab98e58bc6521078306c76ef2b
BadWinmail Microsoft Outlook Attack Vector
Posted Dec 16, 2015
Authored by Haifei Li

This whitepaper discloses an attack vector in Outlook that bypasses sandboxing using a TNEF email or MSG attachment.

tags | advisory
MD5 | 00735302ff891981f97f591e8d7796d2
MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python
Posted Nov 14, 2014
Authored by Haifei Li, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other setups such as those using Office 2010 SP1 may be less stable, and may end up with a crash due to a failure in the CPackage::CreateTempFileName function.

tags | exploit, arbitrary, code execution, python
systems | windows, vista
advisories | CVE-2014-6352
MD5 | fe028a266ecc2e632fcaf3aa8b0dd614
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Posted Nov 13, 2014
Authored by Haifei Li, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as an MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other setups, such as those using Office 2010 SP1, might be less stable and may sometimes end up with a crash due to a failure in the CPackage::CreateTempFileName function.

tags | exploit, arbitrary, code execution
systems | windows, vista
advisories | CVE-2014-6352
MD5 | 287aac6ebe839f0d40b82e5df2f514da
MS14-017 Microsoft Word RTF Object Confusion
Posted Apr 9, 2014
Authored by Haifei Li, Spencer McIntyre | Site metasploit.com

This Metasploit module creates a malicious RTF file that, when opened in vulnerable versions of Microsoft Word, will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 2014. This Metasploit module was created by reversing a public malware sample.

tags | exploit, code execution
advisories | CVE-2014-1761
MD5 | 0173b4b676a7c4cce5d3669d25e38c2e
Adobe Flash Player "Button" Remote Code Execution
Posted Nov 3, 2010
Authored by Haifei Li, jduck | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash Player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due to the hardcoded syscall number.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2010-3654
MD5 | f0cf4b00a86b0a9f05563d4df27cb10e
Adobe Reader's Custom Memory Management - A Heap Of Trouble
Posted Apr 24, 2010
Authored by Haifei Li | Site fortinet.com

Whitepaper called Adobe Reader's Custom Memory Management: A Heap Of Trouble.

tags | paper
MD5 | 86dbc3e7c60a1529b0cacbc87e0cc94c
Adobe Reader / Acrobat Memory Corruption
Posted Apr 14, 2010
Authored by Haifei Li, Bing Liu | Site fortinet.com

Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document.

tags | advisory, remote, vulnerability
advisories | CVE-2010-0194, CVE-2010-1241
MD5 | ee5addca93945d4eb0d784393cd19af9
Microsoft Internet Explorer Remote Memory Corruption
Posted Jan 23, 2010
Authored by Haifei Li | Site fortinet.com

Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Microsoft's Internet Explorer. In order to compromise a system / remotely execute code, an attacker would lure a user to a maliciously crafted website. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

tags | advisory, remote, web, code execution
advisories | CVE-2010-0247
MD5 | e7db22d95ac15b0b82bbd0d3100d5e27
Adobe Reader / Acrobat Memory Corruption
Posted Oct 15, 2009
Authored by Zhenhua Liu, XiaoPeng Zhang, Haifei Li | Site fortinet.com

Researchers from Fortinet have discovered multiple memory corruption and denial of service vulnerabilities in Adobe Reader/Acrobat versions 9.1.3 and below.

tags | advisory, denial of service, vulnerability
advisories | CVE-2009-3460, CVE-2009-2987, CVE-2009-2988, CVE-2009-2996
MD5 | ea4eee0159d0faf35bd2ded8985d9562
Microsoft Office Memory Corruption
Posted Jul 14, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.

tags | advisory, remote, web, activex
advisories | CVE-2009-1136
MD5 | 4d075e76c6de222b3a0822e2c095bd1d
Adobe Acrobat / Reader Memory Corruption
Posted Jun 11, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability has been discovered in Adobe Reader and Acrobat during the processing of a TrueType font within the document.

tags | advisory
advisories | CVE-2009-1857
MD5 | 5c0ab6794e36d475d9302e0df9567306
Fortinet - Apple Safari Memory Corruption
Posted Jun 11, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in Apple Safari which allows a remote attacker to execute arbitrary code through a malicious webpage.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-4231
MD5 | f3b98b469b6c4b287dce7018f17f6b69
Fortinet - Internet Explorer Memory Corruption
Posted Jun 11, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in the DHTML handling of Microsoft's Internet Explorer which allows a remote attacker to compromise a system through a malicious site.

tags | advisory, remote
advisories | CVE-2009-1141
MD5 | b248c792b4e1cd0c15ca767052ca6e5e
Microsoft Office Excel Remote Memory Corruption
Posted Apr 15, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in Microsoft Office Excel which allows a remote attacker to compromise a system through a malicious document.

tags | advisory, remote
advisories | CVE-2009-0100
MD5 | df69bb950c1ed748e89104a510c47f67
RealPlayer IVR File Code Execution
Posted Feb 6, 2009
Authored by Haifei Li | Site fortinet.com

RealNetworks RealPlayer version 11 suffers from multiple code execution vulnerabilities when processing IVR files.

tags | advisory, vulnerability, code execution
advisories | CVE-2009-0375, CVE-2009-0376
MD5 | 538459e08bf951831afff289876781e8
© 2019 Packet Storm. All rights reserved.
