Microsoft COM for Windows privilege escalation proof of concept exploit. A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how "Microsoft COM for Windows" handles serialized objects.
96f4a2c83114fc51a56f27a6b609fa56Whitepaper called EggHunter Buffer Overflow for Windows. Written in Arabic.
7530d81f5ea60524126e7b277d92327bMicrosoft Windows 10 version 1709 suffers from a child process restriction mitigation bypass vulnerability.
14320128fadf9ab6d9bdc495b2999b56scrrun.dll on Microsoft Windows 10 suffers from file creation, folder creation, and folder deletion vulnerabilities.
169fb0e802f9cddfb0fe5ba1f5284140Apple Security Advisory 2018-06-01-7 - iTunes 12.7.5 for Windows addresses buffer overflow and code execution vulnerabilities.
21418e58adb1661a517e3c6bd071d5abApple Security Advisory 2018-06-01-3 - iCloud for Windows 7.5 is now available and addresses buffer overflow and code execution vulnerabilities.
999dbe8d5703eeccacecf6a7cec02222DisplayLink Core Software version 8.2.1956 suffers from a dll hijacking vulnerability.
189008158d942041ef34603174a25ce2This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary (.exe) application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler hijacking. When we run slui.exe with changed Registry key (HKCU:\Software\Classes\exefile\shell\open\command), it will run our custom command as Admin instead of slui.exe. The module modifies the registry in order for this exploit to work. The modification is reverted once the exploitation attempt has finished. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting the payload in a different process.
cbaf903a1f48babbbfdd55bd95607ccfAXON PBX version 2.02 suffers from a DLL hijacking vulnerability.
7513907aab36270c4e33dc6b00e1d9d4Microsoft Windows Paint suffers from security feature bypass and unsafe file creation vulnerabilities.
da3594505f62c1e8ec64fd08c44fb673Microsoft Internet Explorer 11 on Windows 7 x64/x86 suffers from a vbscript code execution vulnerability.
c941ea777ceb3b732ed96b734dc41486Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
b0e9e5fe22e96d9fdfad18f750fa8f55This Metasploit module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities allows unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 8080 and 8443 by default. This Metasploit module has been tested successfully on iMC PLAT v7.3(E0504P02) on Windows 2k12r2 x64 (EN).
409c199dae62513789f6016cba7903bdMicrosoft Windows suffers from a token process trust SID access check bypass elevation of privilege vulnerability.
ace4fe2f42f537091fcddcf5ec0fcb58Microsoft Windows 2003 SP2 RRAS SMB remote code execution exploit.
1604bc29de7262c3ef296fff4c6867b2Microsoft FxCop versions 10 through 12 are vulnerable to XML injection attacks allowing local file ex-filtration and or NTLM hash theft. Tested in Windows 7 and Windows 10 download SDK it works in both.
e4970e9fdb7dbc2ea52471b6d0a8c531This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV file containing a malicious payload via vectors involving the User-Agent HTTP header and PHP code in the User-Agent. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
f976c4045dcaba09573750799d5fb25aThis Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.
2580a04744c23352ceb458505fd66e3dThis Metasploit module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This Metasploit module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64.
bf78fbf975425db0dad45532ab61033fWhitepaper called Windows Kernel Exploitation Tutorial Part 8: Use After Free.
89f76cdffee77908ed5e8f26120672b7Red Hat Security Advisory 2018-1264-01 - Red Hat Mobile Application Platform 4.6.0 consists of three main components: Core - development and management of apps occurs in the RHMAP Core, which can be installed either in an on-premise installation of OpenShift Container Platform 3.x. MBaaS - Application data, runtimes, and integrations are deployed to the RHMAP MBaaS installed on OpenShift Container Platform 3.x. Build Farm - deployed separately from the Core and the MBaaS, the Build Farm is shared between all instances of RHMAP. Third-party Linux, Windows, and Apple server hosting providers are used to support building client app binaries for all platforms. Issues addressed include denial of service and remote file inclusion vulnerabilities.
1639cf470b44145f43a2452ed2f34325SourceTree for Windows versions prior to 2.5.5.0 suffer from an argument injection vulnerability via Mercurial tag names.
cd0bb2b6372bc9c1141ca2d3c6033f3aMetasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This Metasploit module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data. These POST-requests can be sent cross-domain and can therefore be sent to localhost on the victim's machine. The msfconsole-command to execute code is 'rbi -e "CODE"'. Exploitation when the browser is running on Windows is unreliable and the exploit is only usable when IE is used and the quiet-flag has been passed to msf-daemon.
9424518a3a5f452ec2a431c5b398c292Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
d9f9e206977da14427bfd66b582601aeFoxit Reader versions 8.3.1.21155 and below suffer from a dll hijacking vulnerability.
eb22e505d49272a974ea0a09ea10533a
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed