This Metasploit module exploits a remote code execution vulnerability in Trend Micro Internet Security Pro 2010 ActiveX. When sending an invalid pointer to the extSetOwner() function of UfPBCtrl.dll an attacker may be able to execute arbitrary code.
c2a11c7983f91db8ab886e7660b02d16e3345e1caecf8da45a9e658400a2913fThis Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.42. When sending an overly long string to the 'call-back-url' parameter in an op-client-interface-version action of ienipp.ocx an attacker may be able to execute arbitrary code.
7cbaaf11994cc2aa297944de64087d82388e708d5b6a96ed7191080f1ca223d0This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.40. When sending an overly long string to the 'debug' parameter in ExecuteRequest() property of ienipp.ocx an attacker may be able to execute arbitrary code.
e50f64e1f69d2ac7f0d33800fc3dc1283cd8c9b8ee93f24befcc1d27e5d76691This Metasploit module exploits a use-after-free vulnerability within the DTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the "iepeers" vulnerability. The name comes from Microsoft's suggested workaround to block access to the iepeers.dll file. According to Nico Waisman, "The bug itself is when trying to persist an object using the setAttribute, which end up calling VariantChangeTypeEx with both the source and the destination being the same variant. So if you send as a variant an IDISPATCH the algorythm will try to do a VariantClear of the destination before using it. This will end up on a call to PlainRelease which decref the reference and clean the object." NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.
2050b221f455e1fa58a8d196ecf708064b18b0b04314d24c17d3d8356494d06eThis Metasploit module exploits a use-after-free vulnerability within iepeers.dll of Microsoft Internet Explorer versions 6 and 7. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.
ca6ec897859207169db7407f8bb4734a3760e5319a030b811baaa720b7efddaaThis Metasploit module exploits a privilege escalation vulnerability in South River Technologies WebDrive. Due to an empty security descriptor, a local attacker can gain elevated privileges. Tested on South River Technologies WebDrive 9.02 build 2232 on Microsoft Windows XP SP3.
d1b1cd0b24c521c3ac658150a5658356bf2ad8fce479a3690ef93ddb1ce99210This Metasploit module exploits a stack-based buffer overflow within Phobos.dll of AOL 9.5. By setting an overly long value to 'Import()', an attacker can overrun a buffer and execute arbitrary code.
9b8e41c5f18f1940b770dab8c88980a409b2f76dd6cb4f4dea7b75f2c9423d54cPanel and WHM versions 11.25 (up to build 42174) allows CR injection that can be leveraged for HTTP response splitting attacks.
0b670ad065f6c4108376593723c9a29dc3176ab42c972663cc916ea7c24106a6This Metasploit module exploits a data segment buffer overflow within Winds3D Viewer of AwingSoft Awakening 3.x (WindsPly.ocx v3.6.0.0). This ActiveX is a plugin of AwingSoft Web3D Player. By setting an overly long value to the 'SceneURL' property, an attacker can overrun a buffer and execute arbitrary code.
cc5464c5502efeb363604ff7cff786f441a5c42581c6aaf148a0991375add770This Metasploit module exploits a stack-based buffer overflow in AOL IWinAmpActiveX class (AmpX.dll) version 2.4.0.6 installed via AOL Radio website. By setting an overly long value to 'ConvertFile()', an attacker can overrun a buffer and execute arbitrary code.
b255bff048b696b83be33b74127329a23af7e1d356d9b41e180802e9add63785This Metasploit module exploits a heap-based memory corruption vulnerability in Autodesk IDrop ActiveX control (IDrop.ocx) version 17.1.51.160. An attacker can execute arbitrary code by triggering a heap use after free condition using the Src, Background, PackageXml properties.
ed9e481ead1489a1daf2b9cee8648d7e139f01c0d32d6ba6537f09d38141d0c1This Metasploit module exploits a stack-based buffer overflow in SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 installed by TestDirector (TD) for Hewlett-Packard Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32. By setting an overly long value to 'ProgColor', an attacker can overrun a buffer and execute arbitrary code.
c08b27a7fc069442f0b520a51db82b21f23f666431455fa3b054f21472e8a9edThis Metasploit module exploits a memory corruption within the MSVidCtl component of Microsoft DirectShow (BDATuner.MPEG2TuneRequest). By loading a specially crafted GIF file, an attacker can overrun a buffer and execute arbitrary code. ClassID is now configurable via an advanced option (otherwise randomized) - I)ruid
e8f71e34b37a4de2b0396539c6da78a5e06109b689d9afc1f84fe565484d3e81This Metasploit module exploits a stack-based buffer overflow in SonicPlayer ActiveX control (SonicMediaPlayer.dll) 3.0.0.1 installed by Roxio CinePlayer 3.2. By setting an overly long value to 'DiskType', an attacker can overrun a buffer and execute arbitrary code.
48b3779df2769a5bc6d16187b57ee218c56905cb69572013a5437f4bcdeda2c4This Metasploit module exploits a stack-based buffer overflow vulnerability in HTTPDX HTTP server 1.4. The vulnerability is caused due to a boundary error within the "h_handlepeer()" function in http.cpp. By sending an overly long HTTP request, an attacker can overrun a buffer and execute arbitrary code.
96eaa8c48e19f5fb3dca4fdb11170227a1757203bb4e06504fea12b4f61860cdVideoLAN VLC Media Player version 0.9.9 smb:// URI stack-based buffer overflow proof of concept exploit.
02bd2a8bc15926beeeda72ddecf755f1be30dcda65538fbb067c7c837843b084This Metasploit module exploits a stack-based buffer overflow in Green Dam Youth Escort version 3.17 in the way it handles overly long URLs. By setting an overly long URL, an attacker can overrun a buffer and execute arbitrary code. This module uses the .NET DLL memory technique by Alexander Sotirov and Mark Dowd and should bypass DEP, NX and ASLR.
d0b4aaedaa43dfb14fc35f1443b4c0e80d58b6bd44a192f96fef4cee92df1ad8Apple Safari 4 Beta suffers from a NULL pointer dereference denial of service vulnerability in relation to the feeds handler.
2a2602ebbdda5234530d8b159eb8732d4ae55700178e1a03437137bc29fb4961
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed