This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
7f81f603a6854e3ccdd3b055f6fe853eThis is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeeds, the system will no longer be able to process authentication requests, denying all attempts to login through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads, however a few problems were encounted when using the equivalent bind payloads. Your mileage may vary.
4e417beb7a5d0d2ab86d8e944de79bf6Exploit for a buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server for versions 2.4.3 and below. Note that the vulnerable code only exists in versions compiled with the --enabled-kbind option.
b23616b663333deb2fb8aa86d6dceb05There is a remotely exploitable buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server for versions 2.4.3 and below. Note that the vulnerable code only exists in versions compiled with the --enabled-kbind option.
556f08e3c45be942cff3c7201c4a3991OpenSSL v0.9.6d and below remote exploit for Apache/mod_ssl servers which takes advantage of the KEY_ARG overflow. Tested against most major Linux distributions. Gives a remote nobody shell on Apache and remote root on other servers. Includes an OpenSSL vulnerability scanner which is more reliable than the RUS-CERT scanner and a detailed vulnerability analysis.
6c37282f541f13add85e5b2b76e3678eonesixtyone 0.3 is an efficient SNMP scanner which utilizes a sweep technique to achieve good performance. It finds SNMP devices on your network and brute-forces the community strings using a dictionary. It is possible to scan a class B network (65536 ip addresses) in under 13 minutes with a high degree of accuracy. Tested on Linux, FreeBSD, OpenBSD and Solaris.
25b5366a68ff3dd777e99ddc230dc890Onesixtyone 0.2 is an efficient SNMP scanner which utilizes a sweep technique to achieve good performance. It finds SNMP devices on your network and brute-forces the community strings using a dictionary. It is possible to scan a class B network (65536 ip addresses) in under 13 seconds with a high degree of accuracy.
b3fd79076e22298a60d62230c0e5d57fThis paper describes in detail the exploitation of the libc locale format string vulnerability on Solaris/SPARC. The full source code for the exploit is presented and some details of the implementation are discussed.
87e33640b70adf716cef2f0164b34652This article explains the basics of Windows 9x kernel module development and contains the full source of a VXD based loadable kernel module (LKM) named Burning Chrome which captures TCP and dialup traffic and emails captured passwords. It is virtually undetectable with standard windows tools.
5ad2975cd03a01b3de5ce1b521f22ddaRiched20.dll, which Microsost wordpad uses, is vulnerable to a buffer overflow attack. This paper gives lots of detailed information on of exploiting this vulnerability.
c1db288d66cba78cee633ef098b3166b
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed