
Files Date: 2009-11-26 to 2009-11-27

Microsoft Visual Basic VBP Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Microsoft Visual Basic 6.0. When opening a specially crafted vbp file containing a long reference line, an attacker may be able to execute arbitrary code.

tags | exploit, arbitrary
advisories | CVE-2007-4776
SHA-256 | 6e374c5188f5608083cbab9fb2401659c976e19fb28d2bb839bd2373dbb1a54e
Microsoft Visual Studio Msmask32.ocx ActiveX Buffer Overflow
Posted Nov 26, 2009
Authored by koshi, MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Microsoft's Visual Studio 6.0. When passing a specially crafted string to the Mask parameter of the Msmask32.ocx ActiveX Control, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2008-3704
SHA-256 | 56b52c8f83d0a22f5e67d717396bd5fe41cbe970d924fc937c14e7521ff8ee80
Microsoft IIS Phone Book Service Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This Metasploit module has only been tested against Windows 2000 SP1.

tags | exploit
systems | windows
advisories | CVE-2000-1089
SHA-256 | 0e561c8f11c38a6ebd0de7aa176eab37b866399106f3bb7dd08428cdcb0ccc69
Microsoft IIS 5.0 IDQ Path Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in the IDQ ISAPI handler for Microsoft Index Server.

tags | exploit, overflow
advisories | CVE-2001-0500
SHA-256 | 922a4bb873edf400f55e85500ac54f53ec4e8fce7f1483297386eb14811fc309
Microsoft IIS 4.0 .HTR Path Overflow
Posted Nov 26, 2009
Authored by stinko | Site metasploit.com

This exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. This Metasploit module works against Windows NT 4 Service Packs 3, 4, and 5. The server will continue to process requests until the payload being executed has exited. If you've set EXITFUNC to 'seh', the server will continue processing requests, but you will have trouble terminating a bind shell. If you set EXITFUNC to thread, the server will crash upon exit of the bind shell. The payload is alpha-numerically encoded without a NOP sled because otherwise the data gets mangled by the filters.

tags | exploit, overflow, shell
systems | windows
advisories | CVE-1999-0874
SHA-256 | c0284698cfd346698336fc945b0632cf0c7ba907c5406d8c5e64e623fd0a639b
Microsoft SQL Server Hello Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

By sending malformed data to TCP port 1433, an unauthenticated remote attacker could overflow a buffer and possibly execute code on the server with SYSTEM level privileges. This Metasploit module should work against any vulnerable SQL Server 2000 or MSDE install (< SP3).

tags | exploit, remote, overflow, tcp
advisories | CVE-2002-1123
SHA-256 | bb060a2182b92a6585f642a8e1510b97fb8a2f530e651eeed2debcf906b0e3dc
Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This exploits a buffer overflow in NTDLL.dll on Windows 2000 through the SEARCH WebDAV method in IIS. This particular module only works against Windows 2000. It should have a reasonable chance of success against any service pack.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0109
SHA-256 | 4caf806bf3d6f77c4656950f84e53b18fa51e99928ad15a38f88eb4cb5dc4dad
MS03-020 Internet Explorer Object Type
Posted Nov 26, 2009
Authored by skape | Site metasploit.com

This Metasploit module exploits a vulnerability in Internet Explorer's handling of the OBJECT type attribute.

tags | exploit
advisories | CVE-2003-0344
SHA-256 | 762676e5b4cae135dd0de251981a7ff4fd73802648ec93cee17bd317804a31d0
Microsoft RPC DCOM Interface Overflow
Posted Nov 26, 2009
Authored by H D Moore, spoonm, cazz | Site metasploit.com

This Metasploit module exploits a stack overflow in the RPCSS service; this vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since. This Metasploit module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0352
SHA-256 | 6b1062b85247570ddb5362e034cb6be3d1be2f14dd236970e3ab1f279909588d
Microsoft Workstation Service NetAddAlternateComputerName Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the NetApi32 NetAddAlternateComputerName function using the Workstation service in Windows XP.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0812
SHA-256 | 3a957a76c70de4e6ae21065e66dd7dbc255dc940f602d8dab44cb00038144a0a
Microsoft ASN.1 Library Bitstring Heap Overflow
Posted Nov 26, 2009
Authored by Solar Eclipse | Site metasploit.com

This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeds, the system will no longer be able to process authentication requests, denying all attempts to login through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads; however, a few problems were encountered when using the equivalent bind payloads. Your mileage may vary.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2003-0818
SHA-256 | 8d9c928e6cd1a6002436a9b5bc1e9d94a868525515b51e06f0839ad3d7e7a68e
Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the LSASS service; this vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need to run this module twice. DCERPC request fragmentation can be performed by setting the 'FragSize' parameter.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0533
SHA-256 | d1baeef5ba6b111771fa5d96efb4b64cd26d7afcd05bc41178efc9a7b7a52d22
Microsoft Private Communications Transport Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL service, or the port and protocol of an application that uses SSL. The only application protocol supported at this time is SMTP. You only have one chance to select the correct target; if you are attacking IIS, you may want to try one of the other exploits first (WebDAV). If WebDAV does not work, this more than likely means that this is either Windows 2000 SP4+ or Windows XP (IIS 5.0 vs IIS 5.1). Using the wrong target may not result in an immediate crash of the remote system.

tags | exploit, remote, overflow, protocol
systems | windows
advisories | CVE-2003-0719
SHA-256 | ac057a3cda069d28dca0c494d2f34be73d1c4eeab49fc99c9b71b71226f4849e
Microsoft NetDDE Service Overflow
Posted Nov 26, 2009
Authored by Pusscat | Site metasploit.com

This Metasploit module exploits a stack overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit affects only operating systems released prior to Windows XP SP1 (2000 SP4, XP SP0). Despite Microsoft's claim that this vulnerability can be exploited without authentication, the NDDEAPI pipe is only accessible after successful authentication.

tags | exploit, overflow
systems | windows
advisories | CVE-2004-0206
SHA-256 | c2bd4617c647ff19e1847b77cc3d7916505f16f526abbfabcf23ced43ab47f97
Microsoft WINS Service Memory Overwrite
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits an arbitrary memory write flaw in the WINS service. This exploit has been tested against Windows 2000 only.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2004-1080
SHA-256 | 85c23ae114221016947e1a2b1f0f56ddc35e424cb22d9bdbcb13848d698e7ea0
Microsoft Message Queueing Service Path Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft Message Queueing service. The offset to the return address changes based on the length of the system hostname, so this must be provided via the 'HNAME' option. Much thanks to snort.org and Jean-Baptiste Marchand's excellent MSRPC website.

tags | exploit, overflow
advisories | CVE-2005-0059
SHA-256 | 9ce703ad5c9bd75fcfef87c8bac1ae3c1fd17fdecd81546f34e40245d7b2d7cd
Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in the news reader of Microsoft Outlook Express.

tags | exploit, overflow
advisories | CVE-2005-1213
SHA-256 | ced8028d9cca6bc9a59d95ef68f3dcde4dd0cf2c66f33c63c215121b9e1bd260
Microsoft Plug and Play Service Overflow
Posted Nov 26, 2009
Authored by H D Moore, cazz | Site metasploit.com

This Metasploit module exploits a stack overflow in the Windows Plug and Play service. This vulnerability can be exploited on Windows 2000 without a valid user account. Since the PnP service runs inside the service.exe process, a failed exploit attempt will cause the system to automatically reboot.

tags | exploit, overflow
systems | windows
advisories | CVE-2005-1983
SHA-256 | 2d54b358ebb862c805c0f268e705e13f7bd6770f841069a133a28f5e460b2a4a
Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
Posted Nov 26, 2009
Authored by H D Moore, san, O600KO78RUS | Site metasploit.com

This Metasploit module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This Metasploit module generates a random WMF record stream for each request.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2005-4560
SHA-256 | 86db9cc6a7d38fd5ac3353ce911cfa4cb32c5b51f03725a5e001c941eb2b3e42
Internet Explorer createTextRange() Code Execution
Posted Nov 26, 2009
Authored by H D Moore, Darkeagle, justfriends4n0w, Faithless | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer. Both IE6 and IE7 (Beta 2) are vulnerable. It will corrupt memory in a way which, under certain circumstances, can lead to an invalid/corrupt table pointer dereference. EIP will point to a very remote, non-existent memory location. This Metasploit module is the result of merging three different exploit submissions and has only been reliably tested against Windows XP SP2. This vulnerability was independently discovered by multiple parties. The heap spray method used by this exploit was pioneered by Skylined.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2006-1359
SHA-256 | cc7d3a0a5a7e5685948a23de177b0b8648ee1b05bb7f812884db09692b243c0f
Microsoft RRAS Service RASMAN Registry Overflow
Posted Nov 26, 2009
Authored by H D Moore, Pusscat | Site metasploit.com

This Metasploit module exploits a registry-based stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password are required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps - creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw. Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Phonebook

tags | exploit, remote, overflow, registry
systems | windows
advisories | CVE-2006-2370
SHA-256 | 23ee569235c3874d89c2c84da0e57b5ca0d9fd9d118297399485cee1eebf336b
Microsoft RRAS Service Overflow
Posted Nov 26, 2009
Authored by H D Moore, Nicolas Pouvesle | Site metasploit.com

This Metasploit module exploits a stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password are required to exploit this flaw on Windows 2000.

tags | exploit, remote, overflow
systems | windows
advisories | CVE-2006-2370
SHA-256 | 47054366204902bd94eaba8eae3d382f1284a1330486cc63fc5b83ed691498df
Microsoft Server Service NetpwPathCanonicalize Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack overflow in the NetApi32 CanonicalizePathName() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denial of service on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt will likely result in a complete reboot on Windows 2000 and the termination of all SMB-related services on Windows XP. The default target for this exploit should succeed on Windows NT 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.

tags | exploit, denial of service, overflow
systems | windows
advisories | CVE-2006-3439
SHA-256 | f304ff367f431dfac7b97723e8ececdc2561af58e238d7424a938dd58f43af92
Internet Explorer VML Fill Method Code Execution
Posted Nov 26, 2009
Authored by H D Moore, Aviv Raff, Trirat Puttaraksa, Mr.Niega, M. Shirk | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This Metasploit module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.

tags | exploit, overflow, code execution
systems | windows
advisories | CVE-2006-4868
SHA-256 | dc3cd815cea490d0b9d3e5420cb08f039d38532b17c625f368c3079ec2fe492d
Internet Explorer WebViewFolderIcon setSlice() Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a flaw in the WebViewFolderIcon ActiveX control included with Windows 2000, Windows XP, and Windows 2003. This flaw was published during the Month of Browser Bugs project (MoBB #18).

tags | exploit, activex
systems | windows
advisories | CVE-2006-3730
SHA-256 | f98f4db55e2d7e78b00b3522857c561efa3fb21ad8fa12270f3490dbaee6aa88
© 2022 Packet Storm. All rights reserved.