exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Haifei Li

First Active2009-02-06
Last Active2017-04-24
Microsoft Office Word Malicious Hta Execution
Posted Apr 24, 2017
Authored by Haifei Li, Didier Stevens, sinn3r, Nixawk, ryHanson, vysec, wdormann | Site metasploit.com

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. This Metasploit module was created by reversing a public malware sample.

tags | exploit, web, code execution
advisories | CVE-2017-0199
SHA-256 | 7e6b9ea3c2f7098466493a6d04a3625fe49a4a591628f01dcefb67c6615f8b03
Microsoft Outlook HTML Email Denial Of Service
Posted Mar 28, 2017
Authored by Haifei Li

Microsoft Outlook suffers from an HTML email denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | df536fb9431470d67b63334422b4fe73505842670e63f7d352a00c5db691b38d
BadWinmail Microsoft Outlook Attack Vector
Posted Dec 16, 2015
Authored by Haifei Li

This whitepaper discloses an attack vector in Outlook that bypasses sandboxing using a TNEF email or MSG attachment.

tags | advisory
SHA-256 | 19e2894a2db311da4638930cb55c020c30c7adca2e7c77ad376fa357bda50352
MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python
Posted Nov 14, 2014
Authored by Haifei Li, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other setups such as those using Office 2010 SP1 may be less stable, and may end up with a crash due to a failure in the CPackage::CreateTempFileName function.

tags | exploit, arbitrary, code execution, python
systems | windows
advisories | CVE-2014-6352
SHA-256 | 98f844496d43dbf5a1ce7018422d72a76de82b8bafeead5008c67a30054879fd
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Posted Nov 13, 2014
Authored by Haifei Li, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. And please keep in mind that some other setups such as using Office 2010 SP1 might be less stable, and sometimes may end up with a crash due to a failure in the CPackage::CreateTempFileName function.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2014-6352
SHA-256 | 22d50e4cf87dbb4ac9f6d51a9b1c21edb0ba7405f489b927842967eda685d577
MS14-017 Microsoft Word RTF Object Confusion
Posted Apr 9, 2014
Authored by Haifei Li, Spencer McIntyre | Site metasploit.com

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 2014. This Metasploit module was created by reversing a public malware sample.

tags | exploit, code execution
advisories | CVE-2014-1761
SHA-256 | dc312c58b345cdc30586c860d412b91fcac1d29d8b039194c3e389f62ccf5683
Adobe Flash Player "Button" Remote Code Execution
Posted Nov 3, 2010
Authored by Haifei Li, jduck | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2010-3654
SHA-256 | adf90d0fda6f2de7394643377e0f4d300f5445c02e7d2a421ba4dc2768385036
Adobe Reader's Custom Memory Management - A Heap Of Trouble
Posted Apr 24, 2010
Authored by Haifei Li | Site fortinet.com

Whitepaper called Adobe Reader's Custom Memory Management: A Heap Of Trouble.

tags | paper
SHA-256 | 1ca66990a4d34dc7ac4eb9341396985d911c6f0afad2d4386e9f8b52dc992276
Adobe Reader / Acrobat Memory Corruption
Posted Apr 14, 2010
Authored by Haifei Li, Bing Liu | Site fortinet.com

Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document.

tags | advisory, remote, vulnerability
advisories | CVE-2010-0194, CVE-2010-1241
SHA-256 | fc8110eba746beaeaeb312acf0c3de98f282e855acb65e89c31ceef45a4695c5
Microsoft Internet Explorer Remote Memory Corruption
Posted Jan 23, 2010
Authored by Haifei Li | Site fortinet.com

Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Microsoft's Internet Explorer. In order to compromise a system / remotely execute code, an attacker would lure a user to a maliciously crafted website. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

tags | advisory, remote, web, code execution
advisories | CVE-2010-0247
SHA-256 | cc8e33ac98ddd8ef8d5dc03397e54ce9a818078069cd185474fad26eeafd6a4f
Adobe Reader / Acrobat Memory Corruption
Posted Oct 15, 2009
Authored by Zhenhua Liu, XiaoPeng Zhang, Haifei Li | Site fortinet.com

Researchers from Fortinet have discovered multiple memory corruption and denial of service vulnerabilities in Adobe Reader/Acrobat versions 9.1.3 and below.

tags | advisory, denial of service, vulnerability
advisories | CVE-2009-3460, CVE-2009-2987, CVE-2009-2988, CVE-2009-2996
SHA-256 | 2a0cd498bdf583933e70555a6d57cafc641609db9a0074360ea0f8bb095a999e
Microsoft Office Memory Corruption
Posted Jul 14, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.

tags | advisory, remote, web, activex
advisories | CVE-2009-1136
SHA-256 | 262b9ebc70d8181838c9653a34cabbd6f2c13fed91bd73c202ccbb62d0bc7ccd
Adobe Acrobat / Reader Memory Corruption
Posted Jun 11, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability has been discovered in Adobe Reader and Acrobat during the processing of a TrueType font within the document.

tags | advisory
advisories | CVE-2009-1857
SHA-256 | ce2c488cf702358779198214f9b93449d1d62798959298dceb3f9ce2bbf74e7f
Fortinet - Apple Safari Memory Corruption
Posted Jun 11, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in Apple Safari which allows a remote attacker to execute arbitrary code through a malicious webpage.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-4231
SHA-256 | 580e105200e9c5ac30d4d127e8977d2a7c4458a07bc647826232f6bef06c66c9
Fortinet - Internet Explorer Memory Corruption
Posted Jun 11, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in the DHTML handling of Microsoft's Internet Explorer which allows a remote attacker to compromise a system through a malicious site.

tags | advisory, remote
advisories | CVE-2009-1141
SHA-256 | 323ed9d3c3a03eb5ec13eb17e2f97a79627819a4d999e722ec7b9b0f58f2db05
Microsoft Office Excel Remote Memory Corruption
Posted Apr 15, 2009
Authored by Haifei Li | Site fortinet.com

A memory corruption vulnerability exists in Microsoft Office Excel which allows a remote attacker to compromise a system through a malicious document.

tags | advisory, remote
advisories | CVE-2009-0100
SHA-256 | 7a0c64574b2e01dbddc971f3557dfe31f8e6283bdc787167adabb29625283c88
RealPlayer IVR File Code Execution
Posted Feb 6, 2009
Authored by Haifei Li | Site fortinet.com

RealNetworks RealPlayer version 11 suffers from multiple code execution vulnerabilities when processing IVR files.

tags | advisory, vulnerability, code execution
advisories | CVE-2009-0375, CVE-2009-0376
SHA-256 | 72e4e1e0d9144e2f6ac6fd0c86635d4392f59bb349d2bd69c4b436d1e28da956
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close