Showing 101 - 113 of 113

Files from Yorick Koster

Real Name: Yorick Koster
Email address: private
Website: nl.linkedin.com/in/yorickkoster
First Active: 2009-07-17
Last Active: 2024-08-31
File Roller Path Traversal
Posted Jul 8, 2013
Authored by Open Source CERT, Yorick Koster

The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user executing the extraction, outside the current working directory. This behavior is triggered when the option 'Keep directory structure' is selected from the application 'Extract' dialog.

tags | advisory, arbitrary
advisories | CVE-2013-4668
SHA-256 | f6e7eec5337ffaec3b1e39f19c1e07cbe65ea4c169f65204d92f2634cdcc1947
.NET Framework EncoderParameter Integer Overflow
Posted Feb 13, 2013
Authored by Yorick Koster | Site metasploit.com

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, user-supplied buffers are copied into the new buffer, resulting in a corruption of the heap. By exploiting this vulnerability, it is possible for an application running with Partial Trust permissions to break from the CLR sandbox and run arbitrary code with Full Trust permissions.

tags | exploit, overflow, arbitrary
SHA-256 | 06f18bdcf7bab4db2000ea8c23e48d5c1532aafa073d2ac911c6d0ee597b446d
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Posted Jun 11, 2012
Authored by Yorick Koster, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This allows you to trick your victim into opening the malicious document, which will load up either a Python or Ruby payload of your choosing, and then finally download and execute our executable.

tags | exploit, python, ruby
advisories | CVE-2012-0013, OSVDB-78207
SHA-256 | 0a79ccc75253fc54a4cbf99a7599c06f3f75c9e59c1385bd9c4f718868f83665
.NET Framework EncoderParameter Integer Overflow
Posted Apr 23, 2012
Authored by Yorick Koster | Site akitasecurity.nl

An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied into the new buffer, resulting in a corruption of the heap.

tags | exploit, overflow
SHA-256 | 9f691c33118729de8b1118c45e101699844a3903353809ae5aaae2e5abda61ad
ClickOnce Application Execution
Posted Jan 13, 2012
Authored by Yorick Koster | Site akitasecurity.nl

A logic flaw has been found in the way .NET grants permissions to ClickOnce applications. Combined with relaxed security warnings when handling OLE Packages in Office 2007, this allows attackers to run arbitrary .NET assemblies with Full Trust permissions.

tags | advisory, arbitrary
advisories | CVE-2012-0013
SHA-256 | 00e1066c2923521d1053ae01947493005e91c3b5cd22f3ffe201033ada37e948
Akamai Download Manager Arbitrary Download / Execution
Posted Aug 3, 2010
Authored by Yorick Koster | Site akitasecurity.nl

Akamai's Download Manager allows attackers to download arbitrary files onto a user's desktop. Using a so-called "blended threat" attack it is possible to execute arbitrary code. This attack affects the ActiveX control as well as the Java applet. This was fixed in version 2.2.5.4.

tags | exploit, java, arbitrary, activex
SHA-256 | 29804371b07a8f9024641896f3f7d03d69f4c73848f0b53035414cb6f4660d4e
Outlook ATTACH_BY_REF_ONLY File Execution
Posted Jul 26, 2010
Authored by Yorick Koster | Site metasploit.com

It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double clicks on such an attachment or message, Outlook will proceed to execute the file that is set by the path name value. These files can be local files, but also files stored remotely, for example on a file share. Exploitation is limited by the fact that it is not possible for attackers to supply command line options.

tags | exploit, local
systems | windows
advisories | CVE-2010-0266
SHA-256 | ab93992908b391872063eb727124195509f9b1f508ffa2326a5648dea3d63372
Outlook ATTACH_BY_REF_RESOLVE File Execution
Posted Jul 26, 2010
Authored by Yorick Koster | Site metasploit.com

It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double clicks on such an attachment or message, Outlook will proceed to execute the file that is set by the path name value. These files can be local files, but also files stored remotely, for example on a file share. Exploitation is limited by the fact that it is not possible for attackers to supply command line options.

tags | exploit, local
systems | windows
advisories | CVE-2010-0266
SHA-256 | 374645d7192e9108d3159d89b407cc6d190d245e40fe2cd224e4b6852b6629ec
Outlook PR_ATTACH_METHOD File Execution
Posted Jul 15, 2010
Authored by Yorick Koster | Site akitasecurity.nl

It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed.

tags | advisory
systems | windows
advisories | CVE-2010-0266
SHA-256 | 550e736caba1e689e23530aec9809ac9c94ae8f0d154b391fe20a8e454287817
getPlus Insufficient Domain Name Validation
Posted Feb 26, 2010
Authored by Yorick Koster | Site akitasecurity.nl

getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.

tags | advisory
advisories | CVE-2010-0189
SHA-256 | e071af8d3f4b8b962bc5edfde3e6bfc33db4acd32f7296e78e2eaedc666e6e16
iDEFENSE Security Advisory 2010-02-23.1
Posted Feb 25, 2010
Authored by iDefense Labs, Yorick Koster | Site idefense.com

iDefense Security Advisory 02.23.10 - Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain. iDefense has confirmed the existence of this vulnerability in getPlus version 1.5.2.35 as distributed by Adobe. The Adobe Download Manager on Windows (prior to February 23, 2010) has been confirmed vulnerable by Adobe.

tags | advisory, remote, arbitrary
systems | windows
SHA-256 | d0efdc32584a23be37a59e4491447cc4ca499652cf899ad6b592297321df9b3a
yTNEF/Evolution Directory Traversal / Buffer Overflow
Posted Sep 7, 2009
Authored by Yorick Koster | Site akitasecurity.nl

The yTNEF and the Evolution TNEF attachment decoders suffer from directory traversal and buffer overflow vulnerabilities. Evolution version 2.62.2 and yTNEF version 2.6 are both affected.

tags | exploit, overflow, vulnerability, file inclusion
SHA-256 | fc72295298826820b54f15f505292a1f357eed26bb395249ffb5557757b9e927
PulseAudio Local Race Condition
Posted Jul 17, 2009
Authored by Yorick Koster | Site akitasecurity.nl

PulseAudio suffers from a local race condition privilege escalation vulnerability. Proof of concept exploit included.

tags | exploit, local, proof of concept
advisories | CVE-2009-1894
SHA-256 | 426a9d852cba8a790cc64c95d7415f44eccf93c747b639ad6f192ca0c06f2302