Twenty Year Anniversary
Showing 76 - 100 of 927 RSS Feed

ActiveX Files

HP ALM Remote Code Execution
Posted Sep 25, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability within the XGO.ocx ActiveX Control installed with the HP Application Lifecycle Manager Client. The vulnerability exists in the SetShapeNodeType method, which allows the user to specify memory that will be used as an object, through the node parameter. It allows to control the dereference and use of a function pointer. This Metasploit module has been successfully tested with HP Application Lifecycle Manager 11.50 and requires JRE 6 in order to bypass DEP and ASLR.

tags | exploit, activex
advisories | OSVDB-85152
MD5 | 932d2ea76a375f623765517fcfe5eb73
NTR ActiveX Control Check() Method Buffer Overflow
Posted Sep 22, 2012
Authored by Carsten Eiram, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.

tags | exploit, web, code execution, activex
systems | windows, vista, 7
advisories | CVE-2012-0266, OSVDB-78252
MD5 | d9429e02b0749c6070e28df7c47954a1
NTR ActiveX Control StopModule() Remote Code Execution
Posted Sep 22, 2012
Authored by Carsten Eiram, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.

tags | exploit, web, code execution, activex
advisories | CVE-2012-0267, OSVDB-78253
MD5 | de0a843ca0d9e37bb628a6ee0568795c
Secunia Security Advisory 50572
Posted Sep 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Honeywell HMIWeb Browser ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
MD5 | 745154b799b29e87c82bb88242c7de35
Secunia Security Advisory 49311
Posted Sep 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in CyberLink KoanBox ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
MD5 | 3053b5bb61ffed79ba39198312c2ecb6
Zero Day Initiative Advisory 12-182
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WxSuperCtrl650.ocx ActiveX control. By manipulating a combination of the DisplayImageFile, AnnoLoad and AnnoSave methods, the vulnerable AnnoSave() method can enable an attacker to save arbitrary files inside arbitrary locations. The attacker is able to control the file extension and the creation path via a directory traversal issue. An attacker can leverage this vulnerability to execute code under the context of the process.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-2289
MD5 | ad5a7ee4b1191b037a60920e83550394
Zero Day Initiative Advisory 12-181
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins as well as the Microsoft Windows spooler service. When handling certain requests the client-file-name parameter is improperly copied to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM.

tags | advisory, remote, arbitrary, local, activex
systems | windows
advisories | CVE-2011-4186
MD5 | df64ac3cc732a46a7daea33b76ce9554
Zero Day Initiative Advisory 12-180
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Admin Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ISGrid.dll ActiveX control. The process performs insufficient bounds checking on user-supplied data passed in the DoFindReplace() method which results in heap corruption. This vulnerability can be leveraged to execute code under the context of the process.

tags | advisory, remote, arbitrary, activex
MD5 | b7dfbc22ec5b459a2bb61c0c4c715048
Zero Day Initiative Advisory 12-179
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AEXView.ocx ActiveX control. By manipulating a combination of the DisplayImageFile, AnnoLoad and AnnoSave methods, the vulnerable AnnoSave() method can enable an attacker to save arbitrary files in arbitrary locations. The attacker is able to control the file extension and the creation path via a directory traversal issue. An attacker can leverage this vulnerability to execute code under the context of the process.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-2289
MD5 | 6e275d5c3a1df639b7e1d8181951bc1a
Zero Day Initiative Advisory 12-170
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-170 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Application Lifecycle Management. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XGO.ocx ActiveX control. The control exposed two vulnerable functions: 'SetShapeNodeType', which is vulnerable to a type confusion allowing user specified memory to be used as an object; and 'CopyToFile' which allows an attacker to create and overwrite files on the system of the user invoking the control. The attacker can utilize these vulnerabilities to execute remote code under the context of the process.

tags | advisory, remote, arbitrary, vulnerability, activex
MD5 | f5cac49510746837c5ebaca13344667e
Zero Day Initiative Advisory 12-169
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-169 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Historian. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the KeyHelp.ocx ActiveX control. The control contains a LaunchTriPane function that allows launching of the HTML Help executable (hh.exe) with customized command line parameters. By using the -decompile switch, an attacker can specify the folder to decompile to and a UNC path to a specially crafted .chm file. The attacker can utilize this vulnerability to execute remote code under the context of the process.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-2516
MD5 | 3b0052bbe971789bdcac74947574989e
Zero Day Initiative Advisory 12-168
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-168 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. The process performs insufficient bounds checking on user-supplied data passed in as the 'InternationalSeparator' parameter which results in a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2011-0340
MD5 | 86f79d24c79266e247ebd6d26713d071
Zero Day Initiative Advisory 12-156
Posted Aug 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-156 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco AnyConnect VPN Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to insufficient signature checks with the Cisco AnyConnect VPN Client. When the client is invoked through the ActiveX control it downloads and checks a file called vpndownloader.exe. This file has to be properly signed by Cisco. Once this file is downloaded it is run and downloads additional configuration files. Within the downloaded config file it is possible to force a download of executable files. Those files are not properly checked for valid certificates and are run on the host as soon as they are downloaded.

tags | advisory, remote, arbitrary, activex
systems | cisco
advisories | CVE-2012-2493
MD5 | 7600cb6a10067078a37e9f299555a890
Zero Day Initiative Advisory 12-155
Posted Aug 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-155 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2011-0340
MD5 | 70ac71b6b8a3f03bf97e313efce6e149
Adobe Flash Player 11.3 Font Parsing Code Execution
Posted Aug 17, 2012
Authored by sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.

tags | exploit, remote, arbitrary, code execution, activex
advisories | CVE-2012-1535, OSVDB-84607
MD5 | e01299565c3420ecbac1bfe81c71d308
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
Posted Aug 7, 2012
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).

tags | exploit, java, web, overflow, code execution, activex
advisories | CVE-2012-0549, OSVDB-81439
MD5 | 301b2e3f021a35617717fcccfd8f4870
Ubisoft uplay 2.0.3 Active X Control Arbitrary Code Execution
Posted Aug 7, 2012
Authored by Tavis Ormandy, Richard Hicks, phillips321, Ben Campbell | Site metasploit.com

The uplay ActiveX component allows an attacker to execute any command line action. User must sign in, unless auto-sign in is enabled and uplay is not already running. Due to the way the malicious executable is served (WebDAV), the module must be run on port 80, so please ensure you have proper privileges. Ubisoft released patch 2.04 as of Mon 20th July.

tags | exploit, activex
advisories | OSVDB-84402
MD5 | d11a8dbcc1ac1eb4891e9236623d06ea
Zero Day Initiative Advisory 12-134
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QP2.cab ActiveX control. When passing a long string argument to the Attachment_Times or Import_Times parameters during the control's instantiation it is possible to overflow a stack buffer causing memory corruption. This can be leveraged by an attacker to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-2176
MD5 | ed2e52c95096a4f85ce14dc4a4b7f9dd
Zero Day Initiative Advisory 12-132
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus iNotes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dwa85W.cab ActiveX control. When passing a long string argument to the Attachment_Times parameter during the control instantiation it is possible to overflow a stack buffer causing memory corruption. This can be leveraged by an attacker to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-2175
MD5 | 1a87b7a70ab1f842064e21890f64dd2d
Citrix Access Gateway Plug-in For Windows nsepacom Buffer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via an overly long "CSEC" HTTP response header. Successful exploitation allows execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2592
MD5 | 1bc295b946271ecd2579f8f939622ef7
Citrix Access Gateway Plug-in For Windows nsepacom Integer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation may allow execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2593
MD5 | d7652baa48d94a73aa28dc3115aece5e
BarCodeWiz Barcode 4.0.0.0 Buffer Overflow
Posted Jul 25, 2012
Authored by coolkaveh

BarCodeWiz Barcode version 4.0.0.0 suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
MD5 | eba843171fda2096b63e0e26ec6662f3
Morovia Barcode File Overwrite
Posted Jul 24, 2012
Authored by coolkaveh

Morovia Barcode Professional version 3.8.0 suffers from an active-x file overwrite vulnerability.

tags | exploit, activex
MD5 | 12043f26a13c2a9bacef663d3301fe9a
Cisco Linksys PlayerPT Active-X SetSource() Buffer Overflow
Posted Jul 17, 2012
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.

tags | advisory, overflow, arbitrary, activex
systems | cisco
advisories | CVE-2012-0284
MD5 | 7f6a48e8406e1e958428ab0ef9b73cf2
WinGraphviz Heap Overflow
Posted Jul 15, 2012
Authored by coolkaveh

WinGraphviz suffers from an active-x heap overflow vulnerability.

tags | exploit, overflow, activex
MD5 | d8d522669686ab7b752ca1c6b15bbd63
Page 4 of 38
Back23456Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    10 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close