Backdoor.Win32.Hupigon.adef malware suffers from a remote stack buffer overflow vulnerability.
56dcff006711ea9da6145c956545867e
Small (143 bytes) generic Windows/x86 MSHTA stager shellcode.
cd26783c34c055b8e7b1aa54b1801d75
Backdoor.Win32.Xel malware suffers from a remote authentication-related buffer overflow vulnerability.
86ce28c9e275557be43957e097c1a73a
Backdoor.Win32.Verify.f malware has backdoors running on TCP ports 1906 and 1907 that do not require any authentication.
ca8e4a026f7a8a413a34154343153445
Backdoor.Win32.WinShell.30 malware suffers from remote stack buffer overflow and missing authentication vulnerabilities.
6b603f2efdd114008cbac8105f5cc6f7
Backdoor.Win32.Onalf malware has a backdoor running on TCP/2020 that does not require any authentication.
8413023933171cccf3cf8f346fc00dc6
Backdoor.Win32.Zxman malware has a backdoor running on TCP/2048 that does not require any authentication.
e59d2f563516bdcc00be9a6bd0fe9c3e
Backdoor.Win32.Whisper.b malware suffers from a remote stack corruption vulnerability.
4bd5113d73f55e63e170f6485cf89911
Backdoor.Win32.Whirlpool.10 malware suffers from a remote stack buffer overflow vulnerability.
c3d3b273680f8c02a4ca076c42f19836
Backdoor.Win32.Zombam.geq malware suffers from a remote buffer overflow vulnerability.
0e05a63a804977c46a87862508e94e15
Backdoor.Win32.NetBull.11.a malware suffers from a remote buffer overflow vulnerability.
c7e98adc9680b9ba74fa492156661473
Email-Worm.Win32.Agent.gi malware suffers from a remote stack buffer overflow vulnerability.
4cd0dcc841eb9464b95eea555c050501
Constructor.Win32.SMWG.c malware suffers from an insecure permissions vulnerability.
e122f5165b2281d0ce329bb9e0e184e9
Constructor.Win32.SMWG.a suffers from an insecure permissions vulnerability.
5fad881b745d1314ea203b37f2d103fc
Backdoor.Win32.Mnets malware suffers from a remote stack buffer overflow vulnerability.
5d8aad9a560a7ece945d0fe95285e29d
Backdoor.Win32.Whgrx malware suffers from a remote host header stack buffer overflow vulnerability.
029e2786ef07f0a4088dd28099d0c0ba
Backdoor.Win32.Latinus.b malware suffers from a remote buffer overflow vulnerability.
b661fe827bf583c7569949c8d8a2da77
Backdoor.Win32.Ncx.bt malware suffers from a remote stack buffer overflow vulnerability.
f5bce01787682bf3fb97234b39073682
Backdoor.Win32.Ketch.a suffers from a remote stack buffer overflow vulnerability.
2b2dc699e19a395de36fa5e2527ce2c4
Backdoor.Win32.Ketch.i malware suffers from a remote stack buffer overflow vulnerability.
db079ee4491b3f466c3e96c16dc1b444
Backdoor.Win32.Kurbadur.a malware suffers from a remote stack buffer overflow vulnerability.
d7e25699281dd539a431c9cfb0f980e8
This Metasploit module exploits a vulnerability in cldflt.sys. The Cloud Filter driver on Windows 10 v1803 and later, prior to the December 2020 updates, did not set the IO_FORCE_ACCESS_CHECK or OBJ_FORCE_ACCESS_CHECK flags when calling FltCreateFileEx() and FltCreateFileEx2() within its HsmpOpCreatePlaceholders() function with attacker-controlled input. As a result, files were created with KernelMode permissions, bypassing the security checks that would otherwise prevent a normal user from creating files in directories where they lack permission to do so. This module abuses this vulnerability to perform a DLL hijacking attack against the Microsoft Storage Spaces SMP service, which grants the attacker code execution as the NETWORK SERVICE user. Users are strongly encouraged to set the PAYLOAD option to one of the Meterpreter payloads, as doing so will allow them to subsequently escalate their new session from NETWORK SERVICE to SYSTEM by using Meterpreter's "getsystem" command to perform RPCSS Named Pipe Impersonation and impersonate the SYSTEM user.
a3096153d5abb79b42ddbd4fd922a273
Backdoor.Win32.Zombam.a malware suffers from a remote stack buffer overflow vulnerability.
1d4c04985317d4a19cc3d4abc3ead48f
Backdoor.Win32.Levelone.b malware suffers from a stack buffer overflow vulnerability.
483f356a3fa7919f6cd02a9cbf70cec3
Backdoor.Win32.Levelone.a malware suffers from a remote stack buffer overflow vulnerability.
42c19cf7188e3ac194716a5bf3da43a2