This exploit module illustrates how a vulnerability could be exploited in an TCP server that has a parsing bug. This is an example Metasploit module to be used for exploit development.
7080c0e0772da0f83c51df64e3f6e1cc4c7d74a7c1c2265e80261599694e52d2This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
77a69a99c5c235c2339e0f087749f6b147c5953684914f6479b3edef34269f9aWhitepaper called Remote Library Injection.
5d2e159fe59c1a83859333e8247107ff1a82a3fbfcf7ccd80be987e9f65fa30aThis Metasploit module exploits a flaw in the handling of AOL Instant Messenger's 'goaway' URI handler. An attacker can execute arbitrary code by supplying a overly sized buffer as the 'message' parameter. This issue is known to affect AOL Instant Messenger 5.5.
3f9f669a44333e450e5fc4a71660d89955d2e85848f584c1c6d9d52d001ed850This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
ff5578fdfc8c36ccaad517474220f3b7300ff9d3ecf2bb352b81b0e1dffd7516This Metasploit module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of eEye.
44fae6eeb87ba29bf60ae8c26b6d7c50f75e7bf5c2f4e1500856135c1f0e9b56This Metasploit module exploits a vulnerability in Internet Explorer's handling of the OBJECT type attribute.
762676e5b4cae135dd0de251981a7ff4fd73802648ec93cee17bd317804a31d0This Metasploit module exploits a heap overflow vulnerability in the KeyFrame method of the direct animation ActiveX control. This is a port of the exploit implemented by Alexander Sotirov.
ee23cf2762a7f51047b8075259d50984edeb1f3ca15637fe82e5757310a61103This is an exploit for Squid's NTLM authenticate overflow (libntlmssp.c). Due to improper bounds checking in ntlm_check_auth, it is possible to overflow the 'pass' variable on the stack with user controlled data of a user defined length.
c43f943216a1703933afd0ce0708c0542f099b2ad7ed5a159c445291d16c2bc5This is an exploit for an undisclosed buffer overflow in the SoftCart.exe CGI as shipped with Mercantec's shopping cart software. It is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b.
c9dccfe5b7419f70e2a30a4c2e34c682780607f4dc1a5b5945ab9f5f4cef63b9Whitepaper called Metasploit's Meterpreter.
1b01acfccb89b492007b8905da1e49f8a9f4d9d1d0338f7c59c152859292c7a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed