This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. This Metasploit module was created by reversing a public malware sample.
7e6b9ea3c2f7098466493a6d04a3625fe49a4a591628f01dcefb67c6615f8b03Microsoft Outlook suffers from an HTML email denial of service vulnerability.
df536fb9431470d67b63334422b4fe73505842670e63f7d352a00c5db691b38dThis whitepaper discloses an attack vector in Outlook that bypasses sandboxing using a TNEF email or MSG attachment.
19e2894a2db311da4638930cb55c020c30c7adca2e7c77ad376fa357bda50352This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other setups such as those using Office 2010 SP1 may be less stable, and may end up with a crash due to a failure in the CPackage::CreateTempFileName function.
98f844496d43dbf5a1ce7018422d72a76de82b8bafeead5008c67a30054879fdThis Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. And please keep in mind that some other setups such as using Office 2010 SP1 might be less stable, and sometimes may end up with a crash due to a failure in the CPackage::CreateTempFileName function.
22d50e4cf87dbb4ac9f6d51a9b1c21edb0ba7405f489b927842967eda685d577This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 2014. This Metasploit module was created by reversing a public malware sample.
dc312c58b345cdc30586c860d412b91fcac1d29d8b039194c3e389f62ccf5683This Metasploit module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due a the hardcoded syscall number.
adf90d0fda6f2de7394643377e0f4d300f5445c02e7d2a421ba4dc2768385036Whitepaper called Adobe Reader's Custom Memory Management: A Heap Of Trouble.
1ca66990a4d34dc7ac4eb9341396985d911c6f0afad2d4386e9f8b52dc992276Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document.
fc8110eba746beaeaeb312acf0c3de98f282e855acb65e89c31ceef45a4695c5Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Microsoft's Internet Explorer. In order to compromise a system / remotely execute code, an attacker would lure a user to a maliciously crafted website. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
cc8e33ac98ddd8ef8d5dc03397e54ce9a818078069cd185474fad26eeafd6a4fResearchers from Fortinet have discovered multiple memory corruption and denial of service vulnerabilities in Adobe Reader/Acrobat versions 9.1.3 and below.
2a0cd498bdf583933e70555a6d57cafc641609db9a0074360ea0f8bb095a999eA memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.
262b9ebc70d8181838c9653a34cabbd6f2c13fed91bd73c202ccbb62d0bc7ccdA memory corruption vulnerability has been discovered in Adobe Reader and Acrobat during the processing of a TrueType font within the document.
ce2c488cf702358779198214f9b93449d1d62798959298dceb3f9ce2bbf74e7fA memory corruption vulnerability exists in Apple Safari which allows a remote attacker to execute arbitrary code through a malicious webpage.
580e105200e9c5ac30d4d127e8977d2a7c4458a07bc647826232f6bef06c66c9A memory corruption vulnerability exists in the DHTML handling of Microsoft's Internet Explorer which allows a remote attacker to compromise a system through a malicious site.
323ed9d3c3a03eb5ec13eb17e2f97a79627819a4d999e722ec7b9b0f58f2db05A memory corruption vulnerability exists in Microsoft Office Excel which allows a remote attacker to compromise a system through a malicious document.
7a0c64574b2e01dbddc971f3557dfe31f8e6283bdc787167adabb29625283c88RealNetworks RealPlayer version 11 suffers from multiple code execution vulnerabilities when processing IVR files.
72e4e1e0d9144e2f6ac6fd0c86635d4392f59bb349d2bd69c4b436d1e28da956
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed