This Metasploit module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX component, specifically PDF_IN_1.ocx. When a long string of data is given to the ConnectToSynactis function, which is meant to be used for the ldCmdLine argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry class pointer saved on the stack, and results in arbitrary code execution under the context of the user. Also note that since the WinExec function is used to call the default browser, you must be aware that: 1) The default must be Internet Explorer, and 2) When the exploit runs, another browser will pop up. Synactis PDF In-The-Box is also used by other software such as Logic Print 2013, which is how the vulnerability was found and publicly disclosed.
717b46a540961e751ccf7b61962579a6966ed5098437c588fd29d0ce3364ac7bLogic Print 2013 suffers from a stack overflow vulnerability.
ba1216bc16af7f8d80b5c358f6e4541518b85fb4b8d3fc8150c331d6f1c6e2a1AnvSoft Any Video Converter version 4.3.6 unicode buffer overflow exploit that creates a malicious .reg file.
c532021cc23d12aa672117669ee1f244c0d5045941bccdba57ba511e3b959328This Metasploit module exploits a buffer overflow vulnerability found in ABBS Electronic Flash Cards 2.1. The overflow occurs when an overly long string is passed in the fcd file. To execute this fcd file the victim has to start to start a new "random" test.
c4c8fb668311f736f3f219c385663db82dcd5d5a1b34b3619a99750fd3157744This Metasploit module exploits a buffer overflow vulnerability found in ABBS Audio Media Player 3.0. The overflow occurs when an overly long string is passed in the lst file.
d9fb150c2b6446ec8d7abefc95849ea999085081199ed402a25c9a6ce1c1d893Zinf Audio Player version 2.2.1 buffer overflow with DEP bypass exploit that creates a malicious .pls file.
948faf9bd2a77d69c944a06053b7ecf595b7ddc4b87af7868c70f0cb8f58aa54MPlayer Lite release 33064 buffer overflow exploit with DEP bypass that creates a malicious .m3u file.
93becbd1821f8474281d87bd68706345b483a42080f5471fc7c646046c75316dThis Metasploit module exploits a stack-based buffer overflow in Word Builder 1.0. An attacker must send the file to the victim and the victim must open the file.
4f09a8ce134a573e331adcdbf613031d7114055b816c39ca90f77e2dcf04af54A-PDF WAV to MP3 Converter version 1.2.0 buffer overflow exploit with DEP bypass.
de07a2a51fe0ef6670abcb2c3394e778bb131579bf58a84567d598ab9cb9a2c5A-PDF All to MP3 Converter version 2.0.0 buffer overflow exploit with DEP bypass.
32f048ae8de35c1ad8a82f9bdf73b82b482ec2ee35ab8228fde6fd83a9edebc1Chasys Media Player version 2.0 buffer overflow exploit that leverages SEH.
958421ba33d3e6e0e10e3daf9b07a2a0b5337b7ccc2567242fd2e78c9ced2554Word List Builder version 1.0 buffer overflow exploit that spawns calc.exe.
65a28145373fd9b1beb9f5c5ffd6724cdd3c177e768b92f92ff0b2cccd9f1e6dMPlayer Lite version r33064 SEH overflow exploit that creates a malicious .m3u file.
1b55c647e927e0bd6d1bece8906a4764a929fe79d2028a5ddd7c87dfd0ee488aABBS Electronic Flash Cards version 2.1 buffer overflow exploit.
02a46a081a43597cbb56775804d2aa5a5d0f1aacb4e9a3e4194856667df2b285ABBS Audio Media Player version 3.0 .lst buffer overflow exploit that uses SEH.
a003a7179464905d57afc3a4c1774071d2546ddc64483783349e5db2f560ab76A-PDF All to MP3 Converter version 2.0.0 suffers from a .wav parsing buffer overflow vulnerability.
f53b72e457e3c8e6e6b5d9dc8746ad8f95847bde9e358de70e8ba7108c4c92a9Word Splash Pro versions 9.5 and below local buffer overflow exploit.
5ffcbcad8fc30b44e94b571c1529d9ac9720ac37e56b839154e7777838dfe66dEasy DVD Creator local crash proof of concept exploit.
3c7a275d3effdb21eefadb086122bb81b6c00d7edee39d6e2a578ebe14296530Digital Audio Editor version 7.6.0.237 local crash proof of concept exploit.
820e081085fd1ca4bcfd6c2a2807c9a1dfc73c0f4ac9523a262e5382d1c95d93Free Audio Converter version 7.1.5 denial of service proof of concept exploit.
e0011c8943f21bd8312e83b5a04915848c201429cea9900d850e3f784ffa2dd9WaveMax Sound Editor version 4.5.1 denial of service proof of concept exploit.
d3c16d4382942b0626def374eb93a86bc952ed658c264ad90aee0805d418fd9bFreeTrim MP3 version 2.2.3 denial of service exploit.
fc34fa0cc666a02cdcc22fd3b535b6ade956773f08411a03d381c611daa4df26
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed