Adobe Photoshop version CS5.1 U3D.8BI suffers from a library collada asset elements stack-based buffer overflow vulnerability. Proof of concept included.
This Metasploit module exploits a vulnerability found in McAfee Virtual Technician's MVTControl. This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.
McAfee Virtual Technician version 6.3.0.1911 suffers from a MVT.MVTControl.6300 GetObject() active-x control security bypass remote code execution vulnerability.
This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR, so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the user's browser.
This Metasploit module exploits a buffer overflow vulnerability in the Isig.isigCtl.1 ActiveX control installed with IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. The vulnerability is found in the "RunAndUploadFile" method, where the "OtherFields" parameter with user-controlled data is used to build a "Content-Disposition" header and attach contents in an insecure way, which allows a buffer on the stack to be overflowed.
This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results in arbitrary code execution under the context of the user.
Quest Toad for Oracle Explain Plan Display active-x control QExplain2.dll version 6.6.1.1115 suffers from a remote file creation / overwrite vulnerability.
Quest vWorkspace version 7.5 Connection Broker client active-x control pnllmcli.dll version 7.5.304.547 suffers from a SaveMiniLaunchFile() method remote file creation / overwrite vulnerability.
Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.
The D-Link SecuriCam DCS-5605 Network Surveillance DcsCliCtrl.dll active-x control suffers from a buffer overflow vulnerability. Proof of concept code included.
Quest InTrust version 10.4.x with Annotation Objects active-x control ANNOTATEX.DLL suffers from a remote code execution vulnerability. Proof of concept code included.
The TRENDnet SecurView TV-IP121WN wireless internet camera UltraMJCam active-x control suffers from an OpenFileDlg() WideCharToMultiByte remote buffer overflow. Proof of concept code included.
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT active-x control (PlayerPT.ocx) suffers from a sprintf buffer overflow vulnerability. Version 1.0.0.15 is affected.
This Metasploit module exploits a vulnerability in Dell Webcam's CrazyTalk component. Specifically, when supplying a long string for a file path to the BackImage property, an overflow may occur after checking certain file extension names, resulting in remote code execution under the context of the user.
Google Talk suffers from a gtalk:// deprecated URI handler /gaiaserver parameter injection vulnerability.
The Dell Webcam software bundled active-x control CrazyTalk4Native.dll suffers from a remote buffer overflow vulnerability.
LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote arbitrary file deletion vulnerability.
ManageEngine Device Expert version 5.6 suffers from a Java Server ScheduleResultViewer servlet unauthenticated remote directory traversal vulnerability.
LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote code execution vulnerability.
2X Client for RDP version 10.1.1204 suffers from a ClientSystem class active-x control download and execute vulnerability that affects TuxClientSystem.dll.
2X Application Server version 10.x suffers from a TuxSystem class active-x control file overwrite involving TuxScripting.dll.
This Metasploit module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport() function (located in the myCIOScn.dll ActiveX component) fails to check the FileName argument and passes it on to a ShellExecuteW() function, therefore allowing an attacker to execute any process that is on the local system. However, if the victim machine is connected to a remote share (or something similar), then it is also possible to execute arbitrary code. Please note that a custom template is required for the payload, because the default Metasploit template is detectable by McAfee -- any Windows binary, such as calc.exe or notepad.exe, should bypass McAfee fine.
Oracle Hyperion Strategic Finance client version 12.x Tidestone Formula One workbook OLE control TTF16 (6.3.5 Build 1) SetDevNames() remote heap overflow exploit.
Oracle Hyperion Financial Management suffers from a code execution vulnerability in the TList6 active-x control.
Oracle DataDirect ODBC drivers HOST attribute arsqls24.dll stack-based buffer overflow proof of concept exploit that creates a malicious .oce file.