what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 933 RSS Feed

ActiveX Files

AoA MP4 Converter 4.1.2 Active-X Overflow
Posted May 20, 2014
Authored by metacom

AoA MP4 Converter version 4.1.2 suffers from an overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | cd63ce9472faafdf4e2e783946b14d6f167f018ab91f2599cfb2ebd6900462a4
AoA Audio Extractor 2.3.7 Active-X Overflow
Posted May 20, 2014
Authored by metacom

AoA Audio Extractor Basic version 2.3.7 suffers from an overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | dcf9cf1e13d58871d2e0e4bc3827849243e29adbcd9d4d52281ed0f2d1705f6c
AoA DVD Creator 2.6.2 Active-X Overflow
Posted May 20, 2014
Authored by metacom

AoA DVD Creator version 2.6.2 suffers from an overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | 2f31adef0c26503f7dcc55055e82e81b9c030906ddfc9884aac7a7f920f2863e
Adobe Flash Player Integer Underflow Remote Code Execution
Posted May 5, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This Metasploit module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.

tags | exploit, remote, code execution, activex
systems | windows
advisories | CVE-2014-0497
SHA-256 | 594482f5a1c495d45be1ca68abe48c4f709881980182d2ec20827c5366645e8c
Adobe Flash Player Type Confusion Remote Code Execution
Posted Apr 29, 2014
Authored by bannedit, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, activex
systems | windows
advisories | CVE-2013-5331
SHA-256 | 2547432fd02f1ba4aff29ae93a0c14c41a56c95f4cec7e25e1165d0846aa03ec
Adobe Flash Player Regular Expression Heap Overflow
Posted Apr 19, 2014
Authored by juan vazquez, temp66, Boris dukeBarman Ryutin | Site metasploit.com

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.5.502.149. By supplying a specially crafted swf file with special regex value, it is possible to trigger an memory corruption, which results in remote code execution under the context of the user, as exploited in the wild in February 2013. This Metasploit module has been tested successfully with Adobe Flash Player 11.5 before 11.5.502.149 on Windows XP SP3 and Windows 7 SP1 before MS13-063, since it takes advantage of a predictable SharedUserData in order to leak ntdll and bypass ASLR.

tags | exploit, remote, code execution, activex
systems | windows
advisories | CVE-2013-0634, OSVDB-89936
SHA-256 | b765e1a53957bbf2df1ce33a8e36732231faa2f5864b98a4ceb6d3e0804e069a
KingScada kxClientDownload.ocx ActiveX Remote Code Execution
Posted Feb 11, 2014
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module abuses the kxClientDownload.ocx ActiveX control distributed with WellingTech KingScada. The ProjectURL property can be abused to download and load arbitrary DLLs from arbitrary locations, leading to arbitrary code execution, because of a dangerous usage of LoadLibrary. Due to the nature of the vulnerability, this module will work only when Protected Mode is not present or not enabled.

tags | exploit, arbitrary, code execution, activex
advisories | CVE-2013-2827
SHA-256 | ad47b03cb77be889b47d699cea4b847b22b73010c94c1218576856423018df63
MW6 Active-X Buffer Overflows
Posted Jan 23, 2014
Authored by Pedro Ribeiro

MW6 Technologies has various active-x controls that suffer from buffer overflow vulnerabilities. Proof of concept code is included.

tags | exploit, overflow, vulnerability, activex, proof of concept
systems | linux
SHA-256 | b3db5798c19a3d2d9c36503ff3c6adae47330561e39499f1617feed1f951c20c
DaumGame ActiveX 1.1.0.x Buffer Overflow
Posted Jan 22, 2014
Authored by Daniel Chechik | Site trustwave.com

DaumGame active-x control versions 1.1.0.5 and 1.1.0.4 suffer from a buffer overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, activex, proof of concept
advisories | CVE-2013-7246
SHA-256 | 700de7f082a11cf764630d887c017c3cbc2790e1de57e8121f8094354020695e
Heap Spraying - Active-X Controls Under Atatck
Posted Jan 17, 2014
Authored by Ashfaq Ansari

This is a whitepaper that discusses using heap sprays with vulnerable active-x controls.

tags | paper, activex
SHA-256 | 182912d0e8bbbc850abf4281ee8356d5767b5cb9c7194c7bbfc2b5eab415ddae
Lorex Security DVR Active-X Buffer Overflow
Posted Jan 10, 2014
Authored by Pedro Ribeiro

Lorex Security DVR systems suffers from an active-x related buffer overflow vulnerability.

tags | advisory, overflow, activex
advisories | CVE-2014-1201
SHA-256 | a54d0f52ae58b40ee40061c7e9c569e51ba1726893d2ddd6e053141f37699907
Microsoft Tagged Image File Format (TIFF) Integer Overflow
Posted Nov 27, 2013
Authored by sinn3r, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft's Tagged Image File Format. It was originally discovered in the wild, targeting Windows XP and Windows Server 2003 users running Microsoft Office, specifically in the Middle East and South Asia region. The flaw is due to a DWORD value extracted from the TIFF file that is embedded as a drawing in Microsoft Office, and how it gets calculated with user-controlled inputs, and stored in the EAX register. The 32-bit register will run out of storage space to represent the large value, which ends up being 0, but it still gets pushed as a dwBytes argument (size) for a HeapAlloc call. The HeapAlloc function will allocate a chunk anyway with size 0, and the address of this chunk is used as the destination buffer of a memcpy function, where the source buffer is the EXIF data (an extended image format supported by TIFF), and is also user-controlled. A function pointer in the chunk returned by HeapAlloc will end up being overwritten by the memcpy function, and then later used in OGL!GdipCreatePath. By successfully controlling this function pointer, and the memory layout using ActiveX, it is possible to gain arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution, activex
systems | windows
advisories | CVE-2013-3906
SHA-256 | 36cbcba744d7659568ae499cb8f62964f839c74b64b5def580d9440a661806da
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
Posted Nov 26, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability on the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists while the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of elements on a SafeArray and keeps a size field, counting the number of elements on the collection. By calling the remove() method on an empty CardSpaceClaimCollection it is possible to underflow the length field, storing a negative integer. Later, a call to the add() method will use the corrupted length field to compute the address where write into the SafeArray data, allowing to corrupt memory with a pointer to controlled contents. This Metasploit module achieves code execution by using VBScript as discovered in the wild on November 2013 to (1) create an array of html OBJECT elements, (2) create holes, (3) create a CardSpaceClaimCollection whose SafeArray data will reuse one of the holes, (4) corrupt one of the legit OBJECT elements with the described integer overflow and (5) achieve code execution by forcing the use of the corrupted OBJECT.

tags | exploit, overflow, code execution, activex
advisories | CVE-2013-3918, OSVDB-99555
SHA-256 | 58f2175e1ed88e1751853e1d2aa79f7740fb2c4be64b98ebf51299e06cc219c0
Aladdin Knowledge Systems Ltd. Overflow
Posted Oct 16, 2013
Authored by Blake

Aladdin Knowledge Systems Ltd. PrivAgent active-x control overflow exploit.

tags | exploit, overflow, activex
SHA-256 | 78e1f9941ee243de2c6fa4f4dd4d806f45dbe201a8b08daf54b144678052bb4f
Indusoft Thin Client 7.1 Buffer Overflow
Posted Oct 10, 2013
Authored by Blake

Indusoft Thin Client version 7.1 suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | c00e0788c5d6462b72882a1157510d0caed575ccdad96d8ed169da385363cbcc
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
Posted Oct 2, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits the SEListCtrlX ActiveX installed with the SIEMENS Solid Edge product. The vulnerability exists on several APIs provided by the control, where user supplied input is handled as a memory pointer without proper validation, allowing an attacker to read and corrupt memory from the target process. This Metasploit module abuses the methods NumChildren() and DeleteItem() in order to achieve memory info leak and remote code execution respectively. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP SP3 and Windows 7 SP1, using Solid Edge 10.4.

tags | exploit, remote, code execution, activex
systems | windows
advisories | OSVDB-93696
SHA-256 | e226e603a3f8f22c21c0f2712cbfeaa7a0838b3fecca9d66915509a6db1d2185
SolarWinds Monitor 6.0 Buffer Overflow
Posted Sep 23, 2013
Authored by Blake

SolarWinds Server and Application Monitor version 6.0 suffers from an active-x related buffer overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | 841395a87d46f8aba7dd14551684fe16b9e3de8cd2cb1433a295058e36790214
McKesson Active-X 11.0.10.38 Enumeration
Posted Sep 19, 2013
Authored by Blake

McKesson active-x control version 11.0.10.38 suffers from a variable enumeration vulnerability.

tags | exploit, activex
SHA-256 | eb5a347719e20933c95310d59d0af5d7d0a513bcbf2f6ec63b483b1c7dc9b822
Apple Security Advisory 2013-09-18-1
Posted Sep 18, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-18-1 - iTunes 11.1 is now available. A memory corruption issue existed in the iTunes ActiveX control. This issue was addressed through additional bounds checking.

tags | advisory, activex
systems | apple
advisories | CVE-2013-1035
SHA-256 | 46fc7b5eb3fefe13a291247cae855e3a91a0a0bd612ea62733b12ce2dc1e80a2
Mitsubishi MC-WorkX 8.02 File Execution
Posted Sep 16, 2013
Authored by Blake

Mitsubishi MC-WorkX version 8.02 active-x control file execution proof of concept exploit.

tags | exploit, activex, proof of concept
SHA-256 | 051bf2d457fb3478224730c5a764957e57768528962485ff7c0f290f39f09bec
KingView 6.53 Active-X File Copy
Posted Sep 5, 2013
Authored by Blake

KingView version 6.53 has an insecure active-x control that allows for arbitrary file copying.

tags | exploit, arbitrary, activex
SHA-256 | b16413ec1271c3727d0068f3aaa5e74cf60deb2c6fcbdfbe249e49df7374ffa2
KingView 6.53 Active-X File Overwrite / Creation
Posted Sep 5, 2013
Authored by Blake

KingView version 6.53 has an insecure active-x control that allows for arbitrary file creation and overwrite.

tags | exploit, arbitrary, activex
SHA-256 | 785c1ed4650168b152eb1ff73cd68727e7dd22759c9a9b2913d8f8f3b8aa9c10
HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution
Posted Sep 4, 2013
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allow the user to write arbitrary files. It's abused to drop a payload embedded in a dll, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.

tags | exploit, arbitrary, activex
systems | windows
advisories | CVE-2013-4798, OSVDB-95642
SHA-256 | 4190aaee2f0f7797aa2729616b04019ec0f364bcd4a09603637a82a20624f5f6
HP LoadRunner lrFileIOService ActiveX Remote Code Execution
Posted Aug 29, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with HP LoadRunner.

tags | exploit, activex
systems | windows
advisories | CVE-2013-2370, OSVDB-95640
SHA-256 | a5e106a110e475d117b3500d373abbf472e7b81cec4cfdde2c8f9d7957853a9b
PE (Portable Executable) File Format
Posted Aug 12, 2013
Authored by Nytro

This paper describes the PE (Portable Executable) file format used by Windows executables (.exe), dynamic link libraries (.dll) and other files: system drivers or ActiveX controls. It is written in Romanian.

tags | paper, activex
systems | windows
SHA-256 | a2646c777b4db6e736b6d280dbe7880941e981053a622f50cc9a96c813f0425e
Page 2 of 38
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close