This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer where a DOM textNode pointer becomes corrupted after style computation. This pointer is then overwritten when the innerHTML property on the parent object is set.
b6745968884cf6b6554a200804a5583329d082da0e92b0007d893fd030dd188eA use-after-free memory corruption vulnerability was identified in Microsoft Internet Explorer 8. This allows a malicious user to remotely execute arbitrary code on a vulnerable user's machine, in the context of the current user. The memory corruption happens when the application of a style sheet performs style computations on the DOM. A DOM textNode pointer becomes corrupted after the style computation. This pointer is then overwritten when the innerHTML property on the parent object is set.
42e29adc4eef804c5f70dc15a5cf982d90aed29c7b2c9eba91d110e9941198d8This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer where a CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed.
c34a481f2b8be1ac2f3b8a01e8ab562889bd7cdb4f5c7a2ba7fee1e09d0c1f5bA use-after-free memory corruption vulnerability was identified in Microsoft Internet Explorer 8. This allows a malicious user to remotely execute arbitrary code on a vulnerable user's machine, in the context of the current user. The memory corruption happens when the application of a style sheet performs style computations on the DOM. A CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed. Microsoft patch MS13-009 addresses this issue.
c1ad970003b5ea6035cc3a1a86aced80abab4e373de1b2a7289fd2a3864add83This Metasploit module exploits a vulnerability found in ICONICS WebHMI's ActiveX control. By supplying a long string of data to the 'SetActiveXGUID' parameter, GenVersion.dll fails to do any proper bounds checking before this input is copied onto the stack, which causes a buffer overflow, and results arbitrary code execution under the context of the user.
627c824b526df4f9b075cf7631d7fbdbd9747ed69a817b804cc5b007faa0cb03ICONICS Genesis32 is a suite of OPC, SNMP, BACnet and Web-enabled HMI and SCADA applications. A stack overflow was found in an ActiveX control required by the WebHMI interface. This condition can be used to gain command execution. The affected control is 'GenVersion.dll' and has the ClassID of {CEFF5F48-BD2E-4D10-BAE5-AF729975E223}. This control is marked safe for scripting.
e2cc945e05990c73d34e1f078184b4608dc08dbcc60fbcdef0908d92ab249b3f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed