Showing 1 - 6 of 6

Files from sgb

Email address	scott.bell at security-assessment.com
First Active	2011-05-04
Last Active	2013-06-07

MS13-037 Microsoft Internet Explorer textNode Use-After-Free: Posted Jun 7, 2013; Authored by sgb | Site metasploit.com; This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer where a DOM textNode pointer becomes corrupted after style computation. This pointer is then overwritten when the innerHTML property on the parent object is set.; tags | exploit; advisories | CVE-2013-1311; SHA-256 | b6745968884cf6b6554a200804a5583329d082da0e92b0007d893fd030dd188e; Download | Favorite | View

MS13-037 MSIE 8 textNode Use-After-Free: Posted Jun 6, 2013; Authored by sgb | Site security-assessment.com; A use-after-free memory corruption vulnerability was identified in Microsoft Internet Explorer 8. This allows a malicious user to remotely execute arbitrary code on a vulnerable user's machine, in the context of the current user. The memory corruption happens when the application of a style sheet performs style computations on the DOM. A DOM textNode pointer becomes corrupted after the style computation. This pointer is then overwritten when the innerHTML property on the parent object is set.; tags | advisory, arbitrary; SHA-256 | 42e29adc4eef804c5f70dc15a5cf982d90aed29c7b2c9eba91d110e9941198d8; Download | Favorite | View

MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free: Posted Feb 23, 2013; Authored by sgb | Site metasploit.com; This Metasploit module exploits a use-after-free vulnerability in Microsoft Internet Explorer where a CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed.; tags | exploit; advisories | CVE-2013-0025; SHA-256 | c34a481f2b8be1ac2f3b8a01e8ab562889bd7cdb4f5c7a2ba7fee1e09d0c1f5b; Download | Favorite | View

Microsoft Internet Explorer 8 Use-After-Free: Posted Feb 13, 2013; Authored by sgb | Site security-assessment.com; A use-after-free memory corruption vulnerability was identified in Microsoft Internet Explorer 8. This allows a malicious user to remotely execute arbitrary code on a vulnerable user's machine, in the context of the current user. The memory corruption happens when the application of a style sheet performs style computations on the DOM. A CParaElement node is released but a reference is still kept in CDoc. This memory is reused when a CDoc relayout is performed. Microsoft patch MS13-009 addresses this issue.; tags | advisory, arbitrary; SHA-256 | c1ad970003b5ea6035cc3a1a86aced80abab4e373de1b2a7289fd2a3864add83; Download | Favorite | View

ICONICS WebHMI ActiveX Buffer Overflow: Posted May 12, 2011; Authored by sinn3r, sgb, bls | Site metasploit.com; This Metasploit module exploits a vulnerability found in ICONICS WebHMI's ActiveX control. By supplying a long string of data to the 'SetActiveXGUID' parameter, GenVersion.dll fails to do any proper bounds checking before this input is copied onto the stack, which causes a buffer overflow, and results arbitrary code execution under the context of the user.; tags | exploit, overflow, arbitrary, code execution, activex; advisories | OSVDB-72135; SHA-256 | 627c824b526df4f9b075cf7631d7fbdbd9747ed69a817b804cc5b007faa0cb03; Download | Favorite | View

ICONICS WebHMI Active-X Stack Overflow: Posted May 4, 2011; Authored by sgb, bls | Site security-assessment.com; ICONICS Genesis32 is a suite of OPC, SNMP, BACnet and Web-enabled HMI and SCADA applications. A stack overflow was found in an ActiveX control required by the WebHMI interface. This condition can be used to gain command execution. The affected control is 'GenVersion.dll' and has the ClassID of {CEFF5F48-BD2E-4D10-BAE5-AF729975E223}. This control is marked safe for scripting.; tags | exploit, web, overflow, activex; SHA-256 | e2cc945e05990c73d34e1f078184b4608dc08dbcc60fbcdef0908d92ab249b3f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days