Help and Support Center is the default application provided to access online documentation for Microsoft Windows. Microsoft supports accessing help documents directly via URLs by installing a protocol handler for the scheme "hcp". Due to an error in validation of input to hcp:// combined with a local cross-site scripting vulnerability and a specialized mechanism to launch the XSS trigger, arbitrary command execution can be achieved. On IE7 on XP SP2 or SP3, code execution is automatic. If WMP9 is installed, it can be used to launch the exploit automatically. If IE8 and WMP11 are installed, either can be used to launch the attack, but both pop dialog boxes asking the user if execution should continue. This exploit detects if non-intrusive mechanisms are available and will use one if possible. In the case of both IE8 and WMP11, the exploit defaults to using an iframe on IE8, but is configurable by setting the DIALOGMECH option to "none" or "player".
fae0587a07ffa8b213cee7c812361f42cf16fd43add9fe1b6eececa4f549a507
This Metasploit module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash Player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due to the hardcoded syscall number.
71ccaf27795a2d55817a54366b9579a0f716c0eac2bba96dd2737900840223ae
This Metasploit module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash Player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due to the hardcoded syscall number.
e02f5ac92e82f00a79b8fe5ef61a301064717212d5c369c5e7ac2e797ab4e3bd
This Metasploit module exploits a stack overflow in the web server provided with the EvoCam program for Mac OS X. We use Dino Dai Zovi's exec-from-heap technique to copy the payload from the non-executable stack segment to heap memory. Vulnerable versions include 3.6.6, 3.6.7, and possibly earlier versions as well. EvoCam version 3.6.8 fixes the vulnerability.
1c923c534030db638a49cbc2059c3e52cb7a34e60ab4c8b6bd58d2cf5b383ff5
This Metasploit module exploits a malicious backdoor that was added to the Unreal IRCD 3.2.8.1 download archive. This backdoor was present in the Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th 2010.
52f914f7168fd04b82c913d02b7265643ee5d7402d40a96322c070c6b1569b32
Unreal IRCD version 3.2.8.1 remote command execution exploit.
13fb59763a9149cb8c2ac47622acf9b279de43db9e8ab6f6d1269434ff83f8af
Unreal IRCD version 3.2.8.1 remote downloader / execute trojan.
4b48b6d7dd9b7a30c90dabc085b3db23fc600667602fe5e3f49415b7e925975e