My File Explorer version 1.3.1 suffers from local file inclusion and command injection vulnerabilities.
dcd36b1e81dc4897c85854e51fc24ad5142a0a146cb6c234133e703733f730c3Secunia Security Advisory - Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
e5de6e2fff530ffd05cb27893703f44e05f49d1b01dd026a2dcc2d8dcee81d33This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.
80aa8fe12f19503ea93e85f9cbe5047a17dec97794103ad2756b25cd88a949eeCisco Security Advisory - The Cisco Clientless VPN solution as deployed by Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) uses an ActiveX control on client systems to perform port forwarding operations. Microsoft Windows-based systems that are running Internet Explorer or another browser that supports Microsoft ActiveX technology may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser. The affected ActiveX control is distributed to endpoint systems by Cisco ASA. However, the impact of successful exploitation of this vulnerability is to the endpoint system only and does not compromise Cisco ASA devices. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
d5eb4f15929e22adebee6cabc4901b0a19fd375282c7f4226edd361bb721237fSecunia Security Advisory - A vulnerability has been reported in ES File Explorer, which can be exploited by malicious people to bypass certain security restrictions.
2ef47eafe19437e3d1246d3b91120edecb6793f9d2ec6ba017533e4226a03fc9This is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.
31cef28f3ae91f47c652ada6f2b786f3ba4d464050c6d2c3cfd46b5a0f99df82Zero Day Initiative Advisory 12-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When appending a VML element to a textArea element a reference to a cDispScroller object can be improperly freed. The object is can be reused, and due to this object being freed, a later allocation can be located in this memory region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
91ba23f83f6adbe244489b8b48522efdcef4f230714e8addb8a8a5a7d593320cZero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
df4f311fcd1579648e5945d76912d846d27da68fbe2df2c21540d95d6a0122e9Technical Cyber Security Alert 2012-45A - There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Silverlight, Office, and Microsoft Server Software. Microsoft has released updates to address these vulnerabilities.
8457d85d15912aeb51608210888694a1a98c23b89b24233876fcddaa5bc42fa9Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system.
b308e3f0d550e88c02ba64549c3ab4899bdafa2333900cecc74658241456a277Secunia Security Advisory - A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to bypass certain security restrictions.
9aacbad5931d77df4cfe9d0850cafabb716835fd98c6af727e121d68121f2839Microsoft Internet Explorer 8 suffers from a denial of service vulnerability due to a stack exhaustion issue.
c0206d977f507f789c26838b5b33a945a10259c50ae11b7756dce67dd5c7f7aeZero Day Initiative Advisory 12-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor ActiveX control (CLSID: {466576F3-19B6-4FF1-BD48-3E0E1BFB96E9}). By passing an overlong string to the LoadXML() method it is possible to trigger a heap corruption vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected machine under the context of the user running the Internet Explorer process.
4c0d8147a4cc744a03c4b805f15c9dfd3c1b87e71dd48d95d2810e446ce52c6dThis bug is triggered when the browser handles a JavaScript 'onLoad' handler in conjunction with an improperly initialized 'window()' JavaScript function. This exploit results in a call to an address lower than the heap. The javascript prompt() places the shellcode near where the call operand points to. The module calls prompt() multiple times in separate iframes to place our return address. The module hides the prompts in a popup window behind the main window and then it will spray the heap a second time with the shellcode and point the return address to the heap. It then uses a fairly high address to make this exploit more reliable. IE will crash when the exploit completes. Also, please note that Internet Explorer must allow popups in order to continue exploitation.
dfbe6b34adf9a6a1783c641f7329756e98c1bb69d235bba9e36f55dd9ec0f6b0Secunia Security Advisory - Three vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
5e59d9f3c10d3e199e1e365749e0b4729cc59f61ea968501b6cc33ed9750a587Technical Cyber Security Alert 2011-347A - There are multiple vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Microsoft has released updates to address these vulnerabilities.
b9cbd618dc5ad0ab1f0332bb4d47e133da88374e06cc85472a7ccb80e850fb21Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.
e054bd896f56e8be803b55bc04ad540e6247fb7a0bbcf3094c27a9a421226a18Secunia Security Advisory - A weakness has been discovered in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information.
a76fcf44e70083668fa59634b13baa32364b3b8016ee345cd06c44afb1770545SAP GUI BAPI Explorer suffers from a stored cross site scripting vulnerability that can lead to code execution.
f6883239887dfc0459693dd45a90be345741e71f87d44c9a5702b07adc70a47bVUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing the "X-UA-COMPATIBLE" keyword of a "META" tag, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
48c8c110e7a16caf9bec75c333999b1e5148e63511b0674e0649301d7dfb1252Zero Day Initiative Advisory 11-290 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within mshtml.dll and is a logic bug in the way it handles the 'extra size index' in certain CDispNode classes within the SetExpandedClipRect function. When the 'extra size index' is zero, the code fails to correctly adjust the class instance pointer before and uses the vftable pointer as a flag field. This corrupts the vftable pointer and can lead to remote code execution under the context of the current user. This issue is closely related to CVE-2009-3672.
1d40d6b1ba8dfd59633c144649c1581d7ee175acfcca3e3c50b35fcaa6c656a9Zero Day Initiative Advisory 11-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). When a call to swapNode is issued on an node within a document that has two body nodes, Internet Explorer frees an attribute field for one of the body nodes and then later re-uses the freed field during the node swap. This behavior could result in remote code execution under the context of the current user.
fbfbd2d2afca4f61a064175e15ba52c20edd33a6ce5dbc4b75600c0392c49983Zero Day Initiative Advisory 11-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. When parsing one of the operands of a method, the application will pass the argument straight to a method that will use the variant as an index. Due to bypassing the argument check, an aggressor can set the index to point to data outside the bounds of the array. This can lead to code execution under the context of the application.
49e5115748956c3af8a74acce2d714b829db1a341cc8fd48b66a19a161e41ffeZero Day Initiative Advisory 11-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.
fdaefb0d3ef4ba650c4eed49e97330766ec02cd5c66f50e4795ac2130cfd44b9Two code execution vulnerabilities have been discovered in Internet Explorer. One vulnerability is caused by incorrectly validating integer parameter passed to the 'add' method of the Select HTML element. Another vulnerability is caused by a use-after-free bug triggered by accessing a previously deleted Option element.
00ed6913fc28235fa406b329358c7b4198e80bad1be3a6a32de2641d3a1cb323iDefense Security Advisory 10.11.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a Javascript event handler such as "onload" is set to a Javascript object's attributes or childNodes collection. A event object is created and this object's memory is later freed; however, a reference to the object remains. When the reference is later used to access the event object, this now-invalid memory is treated as a valid object. The corrupt object's vtable is used to make an indirect function call. This may result in the execution of arbitrary code. Microsoft Internet Explorer 6 is vulnerable.
a4cc81d5475470608b44363a528ccde05f1dbe3da1d6719cf0e9b5d63761b2d0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed