This Metasploit module exploits a stack buffer overflow vulnerability in VideoLAN VLC versions prior to 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your victim into running. The .rt file is the actual malicious file that triggers the vulnerability, which should be placed under the same directory as the .mp4 file.
9952cf454696629976235ec8de966c57016db79252896be88870fdf2312f2133
iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.
942d74f656f37c0e192a61cad927f560e615855d6d84fc3d9b682b994f4e47bf
iDefense Security Advisory 03.21.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.
63116851ec25226dbd4100de9d28241e487287adbf0d2b37b83b6a4707c90918
iDefense Security Advisory 11.11.10 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a maliciously constructed Excel record. Specific values within this record can trigger a memory corruption vulnerability, and result in values from the file being used as function pointers. This allows an attacker to execute arbitrary code.
ff890312e47483c8b1244f6d7d408e3d962c8062c33a929494899fcca53cf69b
Process Dumper is able to make a dump of a running process in a forensic manner. Windows version.
4bc0e65d8f2c0bf6645f69209e08992fbcb9193f1f25e64e825c0275d08dca20
Process Dumper is able to make a dump of a running process in a forensic manner. Linux version.
4e60a60adc611b7b94aa58472701a8fe1f939fbf445141ab433d39f4ad84d3b7
ScoopyNG combines the detection tricks of Scoopy Doo and Jerry as well as some new techniques to determine if a current OS is running inside a VMware Virtual Machine (VM) or on a native system. ScoopyNG should work on all modern uni-, multi- and multi-core cpu's. ScoopyNG is able to detect VMware even if "anti-detection-mechanisms" are deployed.
2d85b2d9706260fbcc4f2d2841c4301c97e18a67ae40072ee2956cbf75b2f720
Google Chrome is vulnerable to an out-of-bounds array indexing bug, caused by the improper handling of FTP PWD command server responses. By persuading a victim to visit a specially-crafted web site containing an iframe pointing to a malicious FTP server, a remote attacker could exploit this bug and cause the browser to crash. Versions 4.1.249.1042 (Build 42199) and below are affected. Proof of concept included.
46a3ad56ce252ccdbd6329ea06843f21e89e1fb198ea8f464ae783e4feff2e7f
This Metasploit module exploits a stack-based buffer overflow in WebEx's WebexUCFObject ActiveX Control. If a long string is passed to the 'NewObject' method, a stack-based buffer overflow will occur when copying attacker-supplied data using the sprintf function. It is noteworthy that this vulnerability was discovered and reported by multiple independent researchers.
e43768f68be7b3013f27418eda7f1bf2522747aecec1b523657fd01ec1c70da7
Avast! versions 4.8 and 5.0 suffer from an aavmker4.sys kernel memory corruption vulnerability.
423e14acc68af28b36348077feb4ef7ada79727abeb0a3fa6fe5fcf347f9aa5c
This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris.
0bb0ba7efbaa3375e563e5bdee9caa226403113256a518e9673c3e85f5d0a27d
The kernel of Oracle Solaris contains a vulnerability in the code that handles UCODE_GET_VERSION IOCTL requests. The vulnerability allows a local unprivileged user the ability to panic a Solaris x86 Intel-based system (32-bit/64-bit mode) due to a NULL pointer dereference. The ability to panic a system is a type of Denial of Service (DoS). The issue can be triggered by sending a specially crafted IOCTL request to the kernel.
a524a1ba9d5742e9a071414fff6dae55d1497bb58dc841e1c7577a689c3d653c
The iPhone OS AudioCodecs library contains a heap buffer overflow vulnerability while parsing maliciously crafted AAC or MP3 files. The vulnerability may be exploited by an attacker to execute arbitrary code in the context of an application using the vulnerable library. One attack vector is iPhone ringtones with malformed sample size table entries. It was successfully tested that iTunes uploads such malformed ringtones to the phone.
f5526418de98c9657cbd763047a324da3b927f706fa76dd4b3293e0a4a6b43d0
libsndfile versions 1.0.19 and below and Winamp versions 5.552 and below suffer from a VOC processing heap buffer overflow vulnerability.
426f002e38e1c490a9f976a610dedb222d0edadadfe570535bcf5629995c0307
Xine-lib contains an integer overflow vulnerability while parsing malformed STTS atoms of Quicktime movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of an application using the xine library. Versions 1.1.16.2 and below are affected.
e630315f5a4f17bed6c30a6e60f105c698b76e14980eecb44cd918005fc63440
FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.
fdcf90835a6517d5d2a479f58cb2df9924557def551619884e79cb3f547d6180
GStreamer gst-plugins-good versions below 0.10.12 suffer from heap overflow and array index out of bounds vulnerabilities.
ae5d5f7a93915193f6bbfe67a4de2d6d96a10f53637af659ba372970130ceede
Amarok contains several integer overflows and unchecked allocation vulnerabilities while parsing malformed audible digital audio files. The vulnerabilities may be exploited by a (remote) attacker to execute arbitrary code in the context of Amarok.
b94ef4ce7d1b2e477a85e81fe7d6abeaf756a2d58b5544818985f2c20cb90bb6
Sun Solaris suffers from an aio_suspend() kernel integer overflow vulnerability.
cf4e53dd00147f6634c2f3e122968aec17988d62f758b49a1e1ca73472516ca8
Sun Solaris suffers from a SIOCGTUNPARAM IOCTL kernel null pointer vulnerability.
a891f595f6f13435a2f5b8eb4f88c409b8f3d63c0a46587d1d8311e4fb22ed15
MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of MPlayer. Versions 1.0rc2 below r28150 and SVN trunk below r28149 are affected.
3d02003114810b5a72337c7ed271ed1847f5dd7313989408e20fa407cb420c3c
VLC media player versions below 0.9.7 suffer from a RealMedia processing integer overflow vulnerability.
277cdb483e2c61d2d88a42e96e43abfe8296e8b9635bed39a04fda60afbd6b13
The VLC media player contains a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions below 0.9.6 are affected.
bacacae2218bff994d1f4690cf40e8cb5c6f0b1cbb4bd868b2cb024828b76d85
The VLC media player contains a stack overflow vulnerability while parsing malformed RealText (rt) subtitle files. The vulnerability can be trivially exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions below 0.9.6 are affected.
61e27c6eddbf9e4287833b974a6c98a8cbff9ad64f0e65b56725d5eebcbb162b
The VLC media player contains a stack overflow vulnerability while parsing malformed TiVo ty media files. The vulnerability can be trivially exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions 0.9.4 and below are affected.
3d082ad5cd82a028089e95d1402f60f67f5c3ffebc9cd1673006a937b81a57a7