This Metasploit module exploits a stack buffer overflow in process bcaaa-130.exe (port 16102), which comes as part of the Blue Coat Authentication proxy. Please note that by default, this exploit will attempt up to three times in order to successfully gain remote code execution (in some cases, it takes as many as five times). This can cause your activity to look even more suspicious. To modify the number of exploit attempts, set the ATTEMPTS option.
ba8634a1f89adc72bb1fa6c7125d662b2e0d1e9a7d1b79249e69e1b06460f06e
The software referred to as BCAAA (Blue Coat Authentication and Authorization Agent) is installed on a domain server (not necessarily a domain controller, a member server is enough) and acts as an intermediary between a Blue Coat ProxySG and the domain. The BCAAA Windows Service is vulnerable to a stack-based buffer overflow, this can lead to remote code execution running with SYSTEM privileges. Affected are all versions of BCAAA associated with ProxySG releases 4.2.3, 4.3, 5.2, 5.3, 5.4, 5.5, and 6.1 available prior to April 21, 2011 or with a build number less than 60258. All versions of BCAAA associated with ProxyOne are also vulnerable.
54bac8253d4a2373e84fd3215e027da96d0d0887a6fbb0fdaedba7dac543322f
A corrupt Canon Camera RAW file (.CR2) can cause a crash in the RawCamera library. This affects viewing files in both the Preview.app application or via Quick Look. Mac OS X 10.6.6 with RawCamera.bundle versions prior to 3.6 are affected.
bfa974140fd1bf14906e974ca1afd9e9e4884f61c2b178a9aa19ede528e993e7
Immunity Debugger version 1.73 contains a buffer overflow vulnerability in its HTTP update mechanism.
eb3222763fbd249397289a12e1bfee1c09d0425cad699d675e1553a2e8d4d505
Paul Harrington of NGS Secure has discovered a high risk vulnerability in Mac OS X Image RAW. Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6 with RawCamera.bundle versions prior to 3.6.
fc0b316cf82ddc0ac592117f4d7ddb4c7b690bf50443ed7dbdc636202f42012d
This Metasploit module exploits a stack overflow in the web server provided with the EvoCam program for Mac OS X. We use Dino Dai Zovi's exec-from-heap technique to copy the payload from the non-executable stack segment to heap memory. Vulnerable versions include 3.6.6, 3.6.7, and possibly earlier versions as well. EvoCam version 3.6.8 fixes the vulnerability.
1c923c534030db638a49cbc2059c3e52cb7a34e60ab4c8b6bd58d2cf5b383ff5