Showing 51 - 75 of 100


Windows Kernel Use-After-Free In WindowStation
Posted Sep 22, 2015
Authored by Nils, Google Security Research

The Microsoft Windows kernel suffers from a use-after-free vulnerability in WindowStation.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-1723
SHA-256 | aa3efde61185dc1eb0cb8968c6c591a89fd27959b2d48dd4fabbf0770e09ec6e

Related Files

Posted Apr 21, 2008
Authored by Luke Jennings | Site mwrinfosecurity.com

This whitepaper discusses the security exposures that can occur due to the manner in which access tokens are implemented in the Microsoft Windows Operating System. A brief overview of the intended function, design and implementation of Windows access tokens is given, followed by a discussion of the relevant security consequences of their design. More specific technical details are then given on how the features of Windows access tokens can be used to perform powerful post-exploitation functions during penetration testing, along with a basic methodology for including an assessment of the vulnerabilities exposed through tokens in a standard penetration test.

tags | paper, vulnerability
systems | windows
SHA-256 | f23fe0277430389cbdd97c8c16d8eedd6520a0745f8fdc08b7c96f87a6131bf1
Posted Apr 14, 2008
Authored by Lamhtz

This code generates an emf file that demonstrates the Microsoft Windows GDI API stack overflow vulnerability as detailed in MS08-021. Spawns calc.exe.

tags | exploit, overflow
systems | windows
SHA-256 | 6f68db9ec797e0add0cb4a67fd3be85362d579bbb59ac2c3a624fdfeff5362f4
Posted Oct 22, 2007
Authored by Stefan Kanthak

The Microsoft Windows binary of curl contains a vulnerable version of zlib.

tags | advisory
systems | windows
advisories | CVE-2005-2096
SHA-256 | 23ffc0004b9551d2eac301f99d76817eaf4fd4cb36162d70811e58df6ded7a07
Posted Oct 22, 2007
Authored by Stefan Kanthak

The Microsoft Windows binary GSV48W32.EXE of gsview contains a vulnerable version of zlib.

tags | advisory
systems | windows
advisories | CVE-2005-2096
SHA-256 | 4f5970a0b756c59df38bb2646529f1f975572ff3992b0be14d2bee4befb49e8c
Zero Day Initiative Advisory 07-055
Posted Oct 11, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC runtime library rpcrt4.dll during the parsing of RPC-level authentication messages. When parsing packets with the authentication type of NTLMSSP and the authentication level of PACKET, an invalid memory dereference can occur if the verification trailer signature is initialized to 0 as opposed to the standard NTLM signature. Successful exploitation crashes the RPC service and subsequently the entire operating system.

tags | advisory, remote
systems | windows
advisories | CVE-2007-2228
SHA-256 | 81c3eb66a83ea337ccd5a2db389db399942be188bee24be99a592d845a95a2b3
iDEFENSE Security Advisory 2007-07-19.2
Posted Jul 20, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 07.19.07 - Remote exploitation of an input handling vulnerability within multiple browsers on the Microsoft Windows platform allows code execution as the local user. This vulnerability is due to interaction between programs. The most commonly used Microsoft Windows URL protocol handling code doesn't provide a way for the URI handling application to distinguish the end of one argument from the start of another. The problem is caused by the fact that browsers do not pct-encode certain characters in some URIs, which does not comply with the behavior that RFC3986 (also known as IETF STD 66) requires. As a result, a specially constructed link could be interpreted as multiple arguments by a URI protocol handler.

tags | advisory, remote, local, code execution, protocol
systems | windows
advisories | CVE-2007-3670
SHA-256 | 9b05f19043a6d8514b2073fb08476be0bcc0a957cc17806d1640358b4e31e615
Posted Apr 17, 2007
Authored by Winny Thomas

Remote exploit for the Microsoft Windows DNS RPC service vulnerability. Tested on Windows 2000 SP4. Binds a shell to TCP port 4444.

tags | exploit, remote, shell, tcp
systems | windows
SHA-256 | 52be5bb153f92f69f6c22aada5a4bf41e884d3ca129b013c5861c86b7ca83c81
Technical Cyber Security Alert 2007-103A
Posted Apr 17, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-103A - A buffer overflow in the Remote Procedure Call (RPC) management interface used by the Microsoft Windows Domain Name Service (DNS) service is actively being exploited. This vulnerability may allow a remote attacker to execute arbitrary code with SYSTEM privileges.

tags | advisory, remote, overflow, arbitrary
systems | windows
SHA-256 | d2859d68d4c262fbd5b36580b848066e0110d1dde3ed78789494106b76010fda
Posted Apr 5, 2007
Authored by devcode

Exploit for the Microsoft Windows .ANI LoadAniIcon stack overflow vulnerability. (Hardware DEP).

tags | exploit, overflow
systems | windows
advisories | CVE-2007-1765
SHA-256 | 712fe1c2ff48b375d86ed79e79a516acf08a26ac10ba886752f4ca552ec005a2
Posted Apr 2, 2007
Authored by devcode

Exploit for the Microsoft Windows .ANI LoadAniIcon stack overflow vulnerability.

tags | exploit, overflow
systems | windows
advisories | CVE-2007-1765
SHA-256 | 9bbb7c1c2b71a6a3b99aa65609485e47c1dfaa3714e3947845ac1906488602f1
Posted Apr 2, 2007
Site research.eeye.com

Quick and dirty blanket fix for the Microsoft Windows ANI zero-day vulnerabilities. Prevents loading cursors from outside the Windows directory.

tags | vulnerability
systems | windows
SHA-256 | 3b81a136644b11b0a7ff108dd16f0475eb209f61cc7f58f1aa3a32ab34040fd2
Posted Oct 17, 2006
Authored by McAfee Avert Labs Security Advisory | Site mcafee.com

MS06-060 Microsoft Word Memmove Code Execution: An integer bug (stack overflow) exists in the Microsoft Word file format. The file format allows an attacker to create a malicious Microsoft Word document that, when opened, will execute arbitrary code.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | 3cae2e3fac489cdba2ec8487874eb74263b0a1ac2d72ec8ac4cfa4bdcc7063da
Posted Jul 12, 2006
Authored by H D Moore, Pedram Amini | Site tippingpoint.com

The Microsoft SRV.SYS driver suffers from a memory corruption flaw when processing Mailslot messages. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability and code execution occurs within the context of the kernel.

tags | advisory, remote, arbitrary, kernel, code execution
systems | windows
advisories | CVE-2006-1314
SHA-256 | 7ecbc9c470fe349666dc38c15db04ebb879ba6bf0f07f04da1973e974ec14ce4
Posted Jun 15, 2006
Authored by Peter Winter-Smith | Site nextgenss.com

Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in the Microsoft Windows Remote Access Connection Manager (RASMAN) service which (under certain versions of the OS) can allow a remote, anonymous attacker to gain complete control over a vulnerable system.

tags | advisory, remote
systems | windows
SHA-256 | ce666f7ac90d12808bb6374e61c4e98e95f0a4b83af01d5cda10c9d11a769958
Debian Linux Security Advisory 954-1
Posted Jan 25, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 954-1 - H D Moore discovered that Wine, a free implementation of the Microsoft Windows APIs, inherits a design flaw from the Windows GDI API, which may lead to the execution of code through GDI escape functions in WMF files.

tags | advisory
systems | linux, windows, debian
SHA-256 | fb2479bedb36ebf34a7eeb07278cc6e02076b72527694a66f01a0707ed60bfcc
Posted Dec 31, 2005
Site nist.org

Lotus Notes uses the same vulnerable shimgvw.dll graphics rendering engine file implicated in the Microsoft WMF file handling vulnerability.

tags | advisory
SHA-256 | 29b636686315c58735d0610c7bca6c8b5cc3272d4a75f859ecf334370e5f21e7
iDEFENSE Security Advisory 2005-11-15.2
Posted Nov 20, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 11.15.05 - The Microsoft Windows API includes the CreateProcess() function as a means to create a new process and its primary thread. CreateProcessAsUser() is similar but allows for the process to be run in the security context of a particular user.

tags | advisory
systems | windows
advisories | CVE-2005-2936, CVE-2005-2937, CVE-2005-2938, CVE-2005-2939, CVE-2005-2940
SHA-256 | 1289dfa440366d67d45c72d716be67b8b1c2b302380404923caf3d7fb037ddf8
Posted Sep 7, 2005
Authored by Bruce Ward | Site doorman.sourceforge.net

The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a server to run invisibly, with all TCP ports closed. This version is the Microsoft Windows binary executable release.

Changes: Fixed the silent doorman problem.
tags | tcp
systems | windows
SHA-256 | 57345ec915673f362174511548c0cbd83c339b83dd62789814fd4735415681a5
Posted Apr 18, 2005
Authored by class101 | Site hat-squad.com

Remote heap buffer overflow exploit for the Microsoft Windows Internet Name Service. Tested against Win2k SP4 Advanced Server English. This exploit can bind a shell to port 101 or will reverse a cmd shell back to a listener.

tags | exploit, remote, overflow, shell
systems | windows
SHA-256 | 066ed83cc6f30f1fbe63953338c4c89426c0eae9a7ecfd5d398fd0ba8b78fe6e
Secunia Security Advisory 14927
Posted Apr 18, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | windows
SHA-256 | 70ca029addbeddade618919711c18da208452656cc11692b5bd5cd26261bbb86
Technical Cyber Security Alert 2005-12B
Posted Jan 16, 2005
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA05-012B - The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML document loaded in Internet Explorer or any other program that uses MSHTML.

tags | advisory, remote, arbitrary, activex
systems | windows
advisories | CVE-2004-1043
SHA-256 | f949ff7007b0bc2ee900d61b80429cf7743c36db3f2cad18ce6f549fbc6b9554
Posted Jan 12, 2005
Authored by Cesar Cerrudo | Site appsecinc.com

AppSecInc Advisory - The Microsoft Windows LPC (Local Procedure Call) mechanism is susceptible to a heap overflow that allows for privilege escalation.

tags | advisory, overflow, local
systems | windows
SHA-256 | 8aff40b0ee0ad0cc1af142ebe5ba1bdbdb9b46ace767d159bfba4e3fac06d6fe
Posted Jan 2, 2005

Simple HTML code that exploits the Microsoft Windows Kernel ANI file parsing denial of service vulnerability.

tags | exploit, denial of service, kernel
systems | windows
SHA-256 | cf44a30717cbfa87a4eca787700675a9ccf6dfd210ede54e536d2f945a868853
Secunia Security Advisory 13492
Posted Dec 30, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Windows XP SP2, which erroneously causes the firewall to allow connections from the Internet. The problem is caused by the way certain dialers configure the routing table and how local subnets are interpreted when the 'My network (subnet) only' option is used in the Microsoft Windows Firewall. This issue only affects Windows XP with Service Pack 2 in combination with a dial-up network connection.

tags | advisory, local
systems | windows
SHA-256 | 9f2a42f33cf3ef3b9cbc69be862687892b20ffa30435a96bb191145f1116d324
Posted Sep 15, 2004
Authored by Peter Winter-Smith | Site microsoft.com

Microsoft Security Advisory MS04-027 - A remote code execution vulnerability exists in the Microsoft WordPerfect 5.x Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2004-0573
SHA-256 | 66e855df17de149765d7724cc2f3b2514f160cbf62a98e1bbaa3980790cdec12