all things security
Showing 51 - 75 of 923 RSS Feed

ActiveX Files

Java Web Start Launcher Memory Corruption
Posted Apr 17, 2013
Authored by A. Antukh | Site sec-consult.com

The Java active-x control in Java Web Start Launcher suffers from a memory corruption vulnerability.

tags | exploit, java, web, activex
advisories | CVE-2013-2416
MD5 | 65d29927757caf1ebc4312dda86ef003
McAfee Virtual Technician (MVT) 6.5.0.2101 Unsafe Active-X
Posted Mar 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

McAfee Virtual Technician (MVT) 6.5.0.2101 suffers from an exposed unsafe active-x method.

tags | exploit, activex
advisories | CVE-2012-5879
MD5 | 9daee446aada008191242f2e0649a9f5
LiquidXML Studio 2012 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2012 active-x insecure method executable file creation exploit.

tags | exploit, activex
MD5 | 8481a1111059e71512f4a866d43e0218
LiquidXML Studio 2010 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2010 active-x insecure method executable file creation exploit.

tags | exploit, activex
MD5 | de59a2c491a2cad4f76688d832403f75
Mitsubishi MX Component Active-X Code Execution
Posted Mar 25, 2013
Authored by Dr_IDE

Mitsubishi MX Component version 3 remote exploit that binds a shell to port 5500.

tags | exploit, remote, shell, activex
MD5 | e7ca83c4de0fa9f98a40525df59be727
EastFTP Active-X Code Execution
Posted Mar 22, 2013
Authored by Dr_IDE

EastFTP Active-X control version 4.6.02 code execution exploit.

tags | exploit, code execution, activex
MD5 | 511aeafa23744b085ad01574f55df3a7
Siemens Security Advisory 714398
Posted Mar 21, 2013
Authored by Siemens ProductCERT | Site siemens.com

WinCC stores Windows user credentials (user names and passwords) in a database. Authenticated users can log into this database, break the existing obfuscation and extract passwords. Furthermore, the database permissions allowed unprivileged users to gain access to sensitive data. A third vulnerability was found in the WinCC web server, where authenticated users could browse the file system via URL manipulation and extract sensitive information. A fourth vulnerability was found in the ActiveX component "RegReader", which is vulnerable to a buffer overflow and possible remote code execution. Manipulated project files can trigger a fifth vulnerability, which can allow an attacker to take over the WinCC PC. Furthermore a communication component called CCEServer is vulnerable to a remote buffer overflow that can be triggered over the network.

tags | advisory, remote, web, overflow, code execution, activex
systems | windows
MD5 | ffcbfac441af1daea9d6fc7bb79ad494
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
Posted Mar 11, 2013
Authored by juan vazquez | Site metasploit.com

This Metasploit modules exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the HSC Remote Deployer ActiveX installed with HoneyWell EBI R410.1.

tags | exploit, remote, arbitrary, activex
advisories | CVE-2013-0108, OSVDB-90583
MD5 | b1fd8d046d8eca6aa668e9a64beffa6c
Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution
Posted Feb 12, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the Novell GroupWise Client gwcls1.dll ActiveX. Several methods in the GWCalServer control use user provided data as a pointer, which allows to read arbitrary memory and execute arbitrary code. This Metasploit module has been tested successfully with GroupWise Client 2012 on IE6 - IE9. The JRE6 needs to be installed to achieve ASLR bypass.

tags | exploit, arbitrary, activex
advisories | CVE-2012-0439, OSVDB-89700
MD5 | c38765c983f0fdcbd12d4ca9699086b6
Aloaha PDF Crypter 3.5.0.1164 File Overwrite
Posted Jan 24, 2013
Authored by shinnai | Site shinnai.altervista.org

Aloaha PDF Crypter version 3.5.0.1164 suffers from an active-x arbitrary file overwrite vulnerability.

tags | exploit, arbitrary, activex
MD5 | 888300add9c3236f7e878d81c2eec418
Honeywell Tema Remote Installer ActiveX Remote Code Execution
Posted Jan 10, 2013
Authored by juan vazquez, Terry McCorkle, Billy Rios | Site metasploit.com

This Metasploit modules exploits a vulnerability found in the Honeywell Tema ActiveX Remote Installer. This ActiveX control can be abused by using the DownloadFromURL() function to install an arbitrary MSI from a remote location without checking source authenticity or user notification. This Metasploit module has been tested successfully with the Remote Installer ActiveX installed with HoneyWell EBI R410.1 - TEMA 5.3.0 and Internet Explorer 6, 7 and 8 on Windows XP SP3.

tags | exploit, remote, arbitrary, activex
systems | windows, xp
advisories | OSVDB-76681
MD5 | c4949f0868cc4476871b538db5e4df4c
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.

tags | exploit, overflow, activex
systems | windows, xp
advisories | CVE-2012-2176, OSVDB-82166
MD5 | 48ad485ac51cf88650714ac9be1194f5
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX installer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3. In order to bypass ASLR the no aslr compatible module dwabho.dll is used. This one is installed with the iNotes ActiveX.

tags | exploit, overflow, activex
systems | windows, xp
advisories | CVE-2012-2175, OSVDB-82755
MD5 | 3e8b25b82a2e00d9ad3fe55474bd9e24
Zero Day Initiative Advisory 12-203
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-203 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell HMIWeb. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ActiveX control defined within the HSCDSPRenderDll.dll file. The RequestDSPLoad method does not properly verify the length of a supplied argument before copying it into a fixed-length heap buffer. A remote attacker can abuse this to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-2054
MD5 | 85ff551f656d3bd7b3f1f9561df4f847
Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
Posted Dec 18, 2012
Authored by Dr_IDE, Dmitriy Pletnev, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1. The module uses the msvcr71.dll library, loaded by the affected ActiveX control, to bypass DEP and ASLR.

tags | exploit, overflow, activex
systems | windows, xp, 7
advisories | CVE-2010-2590, OSVDB-69917
MD5 | 531840a38d272b1140c2fabb863d3a4f
Dolphin3D 1.52 / 1.60 Command Execution
Posted Dec 9, 2012
Authored by Rh0 | Site metasploit.com

This Metasploit module exploits the default security setting in the Dolphin3D web browser. The default security setting ("cautious") allows arbitrary ActiveX Controls, thus remote command execution.

tags | exploit, remote, web, arbitrary, activex
MD5 | ef252228773c0ca57252831ed2b52a04
Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow
Posted Nov 1, 2012
Authored by shinnai, sinn3r, b33f, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Aladdin Knowledge System's ActiveX component. By supplying a long string of data to the ChooseFilePath() function, a buffer overflow occurs, which may result in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution, activex
advisories | OSVDB-86723
MD5 | 40789844caa3e2d6a9f865696f2155f6
Aladdin Knowledge System Ltd. Active-X Buffer Overflow
Posted Oct 26, 2012
Authored by shinnai | Site shinnai.altervista.org

The Aladdin Knowledge System Ltd. PrivAgent active-x control version 2.0 suffers from buffer overflow and insecure file download vulnerabilities. Buffer overflow proof of concept included.

tags | exploit, overflow, vulnerability, activex, proof of concept
MD5 | 422a11e6eb6e42315f69e8973c8a4ef6
KeyHelp ActiveX LaunchTriPane Remote Code Execution
Posted Oct 11, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in the KeyScript ActiveX control from keyhelp.ocx. It is packaged in several products or GE, such as Proficy Historian 4.5, 4.0, 3.5, and 3.1, Proficy HMI/SCADA 5.1 and 5.0, Proficy Pulse 1.0, Proficy Batch Execution 5.6, and SI7 I/O Driver between 7.20 and 7.42. When the control is installed with these products, the function "LaunchTriPane" will use ShellExecute to launch "hh.exe", with user controlled data as parameters. Because of this, the "-decompile" option can be abused to write arbitrary files on the remote system. Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute it. Please note that this module currently only works for Windows before Vista. On the other hand, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3

tags | exploit, remote, arbitrary, code execution, activex
systems | windows, xp
advisories | CVE-2012-2516, OSVDB-83311
MD5 | 7317854142d614d9546fc0f02d463b9d
Cyme ChartFX Client Server Array Indexing
Posted Oct 4, 2012
Authored by Francis Provencher

Cyme ChartFX client server suffers from a vulnerability that is caused due to an indexing error in the "ShowPropertiesDialog()" method (ChartFX.ClientServer.Core.dll) of the ChartFX ActiveX Control. This can be exploited to write a single byte value to an arbitrary memory location via the "pageNumber" parameter. Successful exploitation may allow execution of arbitrary code.

tags | exploit, arbitrary, activex
MD5 | 7be0aa597f9b41970f0552f4257aa127
Secunia Security Advisory 50839
Posted Oct 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - catatonicprime has discovered a vulnerability in PowerTCP WebServer for ActiveX, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, activex
MD5 | fc54dffe6b30c3b84d8b5366f2536af1
HP ALM Remote Code Execution
Posted Sep 25, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability within the XGO.ocx ActiveX Control installed with the HP Application Lifecycle Manager Client. The vulnerability exists in the SetShapeNodeType method, which allows the user to specify memory that will be used as an object, through the node parameter. It allows to control the dereference and use of a function pointer. This Metasploit module has been successfully tested with HP Application Lifecycle Manager 11.50 and requires JRE 6 in order to bypass DEP and ASLR.

tags | exploit, activex
advisories | OSVDB-85152
MD5 | 932d2ea76a375f623765517fcfe5eb73
NTR ActiveX Control Check() Method Buffer Overflow
Posted Sep 22, 2012
Authored by Carsten Eiram, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.

tags | exploit, web, code execution, activex
systems | windows, vista, 7
advisories | CVE-2012-0266, OSVDB-78252
MD5 | d9429e02b0749c6070e28df7c47954a1
NTR ActiveX Control StopModule() Remote Code Execution
Posted Sep 22, 2012
Authored by Carsten Eiram, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.

tags | exploit, web, code execution, activex
advisories | CVE-2012-0267, OSVDB-78253
MD5 | de0a843ca0d9e37bb628a6ee0568795c
Secunia Security Advisory 50572
Posted Sep 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Honeywell HMIWeb Browser ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
MD5 | 745154b799b29e87c82bb88242c7de35
Page 3 of 37
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close