This Metasploit module exploits a heap based buffer overflow in the C1Tab ActiveX control, while handling the TabCaption property. The affected control can be found in the c1sizer.ocx component as included with IBM SPSS SamplePower 3.0. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1.
99fdd7d6b7ffc3bcb3ad029cfcdb362a9cb2e0bb387ffdddfabe715b79e167a0This Metasploit module exploits a heap overflow found in InduSoft Web Studio <= 61.6.00.00 SP6. The overflow exists in the ISSymbol.ocx, and can be triggered with a long string argument for the InternationalSeparator() method of the ISSymbol control. This Metasploit modules uses the msvcr71.dll form the Java JRE6 to bypass ASLR.
f99bd99b5b541326375a269f30ae36cdabc7a1c18a150d0b60fb51908c7a78c6This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.
b495613b72210817067894eb7ff5c08f46dcd44c9088ea935d0a7be729049d9aThis Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. The flaw is generally known as a bug while processing the 'transform' attribute, however, that attack vector seems to only cause a TerminateProcess call due to a corrupt stack cookie, and more data will only trigger a warning about the malformed XML file. This Metasploit module exploits the 'color' value instead, which accomplishes the same thing.
c3e73b5fb622e5d0d8dee9cca23a811ec375673bedd92228a5733bc9287c407bThis Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.
2d6d029945aaecc2ac0003cb91c1250f912d627ce695077b2bfbd1919c57f669This Metasploit module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situation.doc" phishing campaign.
bc712e2a0634304709e04fab0e0b399f87ad8994ef78b54e906ba338a89de632This Metasploit module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing a MP4 file (specifically the Sequence Parameter Set), Flash will see if pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies data in offset_for_ref_frame on the stack, which allows arbitrary remote code execution under the context of the user. Numerous reports also indicate that this vulnerability has been exploited in the wild. Please note that the exploit requires a SWF media player in order to trigger the bug, which currently isn't included in the framework. However, software such as Longtail SWF Player is free for non-commercial use, and is easily obtainable.
df9a4f147e437db061fcac07db067da65775ac9fff0ec5fecbe3b18c47f3cebaWinamp version 5.61 suffers from an in_midi component heap overflow vulnerability. Crash proof of concept included.
4e587b2065afe9000d5eadcffc9ee680db5536ffe5b1558ebc5d6f888035f8f8The PHP phar extension suffers from a heap overflow vulnerability. PHP version 5.3.6 is affected with phar extension version 1.1.1.
544ec89352741005022c0058d23aff331f3a321cf66b89dcd94987ec75abef4eEdraw Office Viewer component version 7.4 active-x related stack buffer overflow exploit.
0cb6d86d4889168c48cf40d301af90cb71f2d53474310ed6503c5096390544cd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed