exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 933 RSS Feed

ActiveX Files

StarUML Buffer Overflow
Posted Aug 3, 2013
Authored by d3b4g

StarUML suffers from an active-x buffer overflow vulnerability in WinGraphviz.dll.

tags | exploit, overflow, activex
SHA-256 | a8d94b18626e5b59a73980f526dd3aff048ed84051f5615710da80410c908485
TEC-IT TBarCode OCX ActiveX Control Buffer Overflow
Posted Aug 1, 2013
Authored by d3b4g

TEC-IT TBarCode OCX active-x control TBarCode4.ocx version 4.1.0 buffer overflow proof of concept exploit.

tags | exploit, overflow, activex, proof of concept
SHA-256 | 9e7504858cd2b2e3b4c2b733618f991d98aa8fa02a48edb3d38372d57d04fb75
AXIS Media Control Active-X File Corruption
Posted Jun 13, 2013
Authored by Javier Repiso Sanchez

AXIS Media Control suffers from an ActiveX file corruption vulnerability. The vulnerability exists due to the ActiveX control including insecure "StartRecord()", "SaveCurrentIm age()" and "StartRecordMedia()" methods in "AxisMediaControlEmb.dll" DLL. This can be exploited to corrupt or create arbitrary files in the context of the current user.

tags | exploit, arbitrary, activex
advisories | CVE-2013-3543
SHA-256 | 2c7f0f9dc413f306ab4175eaf1c5a26e6f9f46c26e980683a1c746fe13d1344a
Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
Posted Jun 10, 2013
Authored by sinn3r, h1ch4m | Site metasploit.com

This Metasploit module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX component, specifically PDF_IN_1.ocx. When a long string of data is given to the ConnectToSynactis function, which is meant to be used for the ldCmdLine argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry class pointer saved on the stack, and results in arbitrary code execution under the context of the user. Also note that since the WinExec function is used to call the default browser, you must be aware that: 1) The default must be Internet Explorer, and 2) When the exploit runs, another browser will pop up. Synactis PDF In-The-Box is also used by other software such as Logic Print 2013, which is how the vulnerability was found and publicly disclosed.

tags | exploit, arbitrary, code execution, activex
advisories | OSVDB-93754
SHA-256 | 717b46a540961e751ccf7b61962579a6966ed5098437c588fd29d0ce3364ac7b
Java Applet Driver Manager Privileged toString() Remote Code Execution
Posted Jun 10, 2013
Authored by juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module abuses the java.sql.DriverManager class where the toString() method is called over user supplied classes, from a doPrivileged block. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.

tags | exploit, java, web, activex
advisories | CVE-2013-1488, OSVDB-91472
SHA-256 | 1b4db1b27c17aab0b21ca54b384927fd35c2a31fb00fd5b3dfb2d240422f385f
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution
Posted Jun 2, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit modules exploits a vulnerability found in the Oracle WebCenter Content CheckOutAndOpenControl ActiveX. This vulnerability exists in openWebdav(), where user controlled input is used to call ShellExecuteExW(). This Metasploit module abuses the control to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the CheckOutAndOpenControl ActiveX installed with Oracle WebCenter Content 11.1.1.6.0.

tags | exploit, remote, arbitrary, activex
advisories | CVE-2013-1559, OSVDB-92386
SHA-256 | b0e1c2b4d5000f5d54ab03faad81b1e6f76cdaf93878521b78deb176531d5582
SIEMENS Solid Edge ST4 SEListCtrlX Code Execution
Posted May 28, 2013
Authored by rgod | Site retrogod.altervista.org

SIEMENS Solid Edge ST4 SEListCtrlX active-x control SetItemReadOnly suffers from an arbitrary memory rewrite remote code execution vulnerability. Proof of concept included.

tags | exploit, remote, arbitrary, code execution, activex, proof of concept
systems | linux
SHA-256 | 6c6ea1a9c072ee2af175d48c30c8a9025b2eddad5dddcf7ee400ddb53f111796
IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
Posted May 28, 2013
Authored by Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap based buffer overflow in the C1Tab ActiveX control, while handling the TabCaption property. The affected control can be found in the c1sizer.ocx component as included with IBM SPSS SamplePower 3.0. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2012-5946, OSVDB-92845
SHA-256 | 99fdd7d6b7ffc3bcb3ad029cfcdb362a9cb2e0bb387ffdddfabe715b79e167a0
SIEMENS Solid Edge ST4 WebPartHelper Command Execution
Posted May 27, 2013
Authored by rgod | Site retrogod.altervista.org

SIEMENS Solid Edge ST4 WebPartHelper active-x control RFMSsvs!JShellExecuteEx suffers from a remote command execution vulnerability. Proof of concept included.

tags | exploit, remote, activex, proof of concept
systems | linux
SHA-256 | bba4a31d339af5605fe114b27057d1acf37770767071972f2e917ba1e3684b20
Borland Silk Central 12.1 TeeChart Pro Code Execution
Posted Apr 26, 2013
Authored by rgod | Site retrogod.altervista.org

Borland Silk Central version 12.1 TeeChart Pro active-x control suffers from an AddSeries remote code execution vulnerability.

tags | advisory, remote, code execution, activex
SHA-256 | 3487efa60e709db37782fa39c6eb16e87b57eb70ce5b1c0251f9a7ceec7a159a
Java Web Start Launcher Memory Corruption
Posted Apr 17, 2013
Authored by A. Antukh | Site sec-consult.com

The Java active-x control in Java Web Start Launcher suffers from a memory corruption vulnerability.

tags | exploit, java, web, activex
advisories | CVE-2013-2416
SHA-256 | bda67853310f31100eb0d7eabe5f41ccba0af48ed6d9d0588dbc627b879ca5c2
McAfee Virtual Technician (MVT) 6.5.0.2101 Unsafe Active-X
Posted Mar 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

McAfee Virtual Technician (MVT) 6.5.0.2101 suffers from an exposed unsafe active-x method.

tags | exploit, activex
advisories | CVE-2012-5879
SHA-256 | 55fc445bc2332b108a292b07dc1275003a836cf017d276122b75dab94844b2a7
LiquidXML Studio 2012 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2012 active-x insecure method executable file creation exploit.

tags | exploit, activex
SHA-256 | 6229e6a4ed53e4f7fa659d84fce3e63cba583a5308f9dd12b2ecceb5f4d277b4
LiquidXML Studio 2010 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2010 active-x insecure method executable file creation exploit.

tags | exploit, activex
SHA-256 | d7802fe8f8971ac958b1ceae16b3c8417f9ad33014ba900fd85193453802609e
Mitsubishi MX Component Active-X Code Execution
Posted Mar 25, 2013
Authored by Dr_IDE

Mitsubishi MX Component version 3 remote exploit that binds a shell to port 5500.

tags | exploit, remote, shell, activex
SHA-256 | f9719948c2c98d6b095ce092b25be702eceda9fb377c0bb7f0b7c81a29f57509
EastFTP Active-X Code Execution
Posted Mar 22, 2013
Authored by Dr_IDE

EastFTP Active-X control version 4.6.02 code execution exploit.

tags | exploit, code execution, activex
SHA-256 | 47eaaf588524ad7407e7c1eb004c09636584ead0b6cece7bf2405b531a30fe71
Siemens Security Advisory 714398
Posted Mar 21, 2013
Authored by Siemens ProductCERT | Site siemens.com

WinCC stores Windows user credentials (user names and passwords) in a database. Authenticated users can log into this database, break the existing obfuscation and extract passwords. Furthermore, the database permissions allowed unprivileged users to gain access to sensitive data. A third vulnerability was found in the WinCC web server, where authenticated users could browse the file system via URL manipulation and extract sensitive information. A fourth vulnerability was found in the ActiveX component "RegReader", which is vulnerable to a buffer overflow and possible remote code execution. Manipulated project files can trigger a fifth vulnerability, which can allow an attacker to take over the WinCC PC. Furthermore a communication component called CCEServer is vulnerable to a remote buffer overflow that can be triggered over the network.

tags | advisory, remote, web, overflow, code execution, activex
systems | windows
SHA-256 | 871db31131d047fe9c609554c28f03dc8cf0ca905160d6f028d4e6fe6945be60
Honeywell HSC Remote Deployer ActiveX Remote Code Execution
Posted Mar 11, 2013
Authored by juan vazquez | Site metasploit.com

This Metasploit modules exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the HSC Remote Deployer ActiveX installed with HoneyWell EBI R410.1.

tags | exploit, remote, arbitrary, activex
advisories | CVE-2013-0108, OSVDB-90583
SHA-256 | 1f3cef2a50e87d41ca54ec3ec66187a9eab588ff63fb1178c75bc47d21f21a3c
Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution
Posted Feb 12, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the Novell GroupWise Client gwcls1.dll ActiveX. Several methods in the GWCalServer control use user provided data as a pointer, which allows to read arbitrary memory and execute arbitrary code. This Metasploit module has been tested successfully with GroupWise Client 2012 on IE6 - IE9. The JRE6 needs to be installed to achieve ASLR bypass.

tags | exploit, arbitrary, activex
advisories | CVE-2012-0439, OSVDB-89700
SHA-256 | 2bb2812e974be928ec96a6f900361814c1ad01f386937d1ecad587eb0c260f83
Aloaha PDF Crypter 3.5.0.1164 File Overwrite
Posted Jan 24, 2013
Authored by shinnai | Site shinnai.altervista.org

Aloaha PDF Crypter version 3.5.0.1164 suffers from an active-x arbitrary file overwrite vulnerability.

tags | exploit, arbitrary, activex
SHA-256 | 7fa8744017306fcb9f8b6287e11861e540f90887c71065266540838aa74a25cd
Honeywell Tema Remote Installer ActiveX Remote Code Execution
Posted Jan 10, 2013
Authored by juan vazquez, Terry McCorkle, Billy Rios | Site metasploit.com

This Metasploit modules exploits a vulnerability found in the Honeywell Tema ActiveX Remote Installer. This ActiveX control can be abused by using the DownloadFromURL() function to install an arbitrary MSI from a remote location without checking source authenticity or user notification. This Metasploit module has been tested successfully with the Remote Installer ActiveX installed with HoneyWell EBI R410.1 - TEMA 5.3.0 and Internet Explorer 6, 7 and 8 on Windows XP SP3.

tags | exploit, remote, arbitrary, activex
systems | windows
advisories | OSVDB-76681
SHA-256 | b30345fc0ce669f179e6185df91c57d68d20a383c5a011c0ba877c1319ef539b
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2012-2176, OSVDB-82166
SHA-256 | 2570396e9a994f0f9128106991e69dcb968d0dde0fbe6d004afd9587713e5cbb
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX installer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3. In order to bypass ASLR the no aslr compatible module dwabho.dll is used. This one is installed with the iNotes ActiveX.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2012-2175, OSVDB-82755
SHA-256 | a5379e9a43da683cd4806d1f1e1d548d9998b0760444a32f658bcd9210c0c210
Zero Day Initiative Advisory 12-203
Posted Dec 22, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-203 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell HMIWeb. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ActiveX control defined within the HSCDSPRenderDll.dll file. The RequestDSPLoad method does not properly verify the length of a supplied argument before copying it into a fixed-length heap buffer. A remote attacker can abuse this to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-2054
SHA-256 | 4ac919bae121d6edc00347b47cae4d1aa8f60447c1cb6d2bc673cf9f19bcb690
Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
Posted Dec 18, 2012
Authored by Dr_IDE, Dmitriy Pletnev, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1. The module uses the msvcr71.dll library, loaded by the affected ActiveX control, to bypass DEP and ASLR.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2010-2590, OSVDB-69917
SHA-256 | e2e444f4f608cf2a5267e52972251a3f6dc63fb45578a2ac18f6eb5ad4684ec0
Page 3 of 38
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close