Zero Day Initiative Advisory 12-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASX meta files. When the code within wmp.dll attempts to process the version string within a meta file, it copies it to a fixed-length buffer on the stack without checking that the destination can contain the input data. This can be abused remotely by attackers to execute arbitrary code under the context of the user running the media application.
7f261e288463a8955d67d85374f39877Technical Cyber Security Alert 2012-45A - There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Silverlight, Office, and Microsoft Server Software. Microsoft has released updates to address these vulnerabilities.
1f94ee094136e2eb0e03c82ef2f44f77Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
63193c339993fd959b3011d90db16604Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
7b7d4a9888aeb80562e3d6cf4b6f37b8Win32 speaking shellcode that says "You are owned!" when injected into a process.
99f385bd5fa8d2441dadf37cbc51df9eThis Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.
ebd008dd8851adbc04a4fd4966eddd59This is a simple script to spawn dns spoofing, arp spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.
e17d0ef919b2eabebc9761c4abdea8c7HP Security Bulletin HPSBMU02742 SSRT100740 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerability could be exploited remotely resulting in unauthorized disclosure of information. Revision 1 of this advisory.
57047318dd58f23010563d1d2579124fafick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
6fa2d357839fc75138ef2ca287b0ae59This whitepaper analyzes the MIDI remote code execution vulnerability found in the Windows Multimedia Library. Written in Turkish.
86b73a0bd44eecf2f0ae4fc449aeb170HP Security Bulletin HPSBMU02738 SSRT100748 - A potential security vulnerability has been identified with HP Network Automation running on Linux, Solaris, and Windows. The vulnerability could be exploited remotely to gain unauthorized access. Revision 1 of this advisory.
3e1ae08670924b89cdb716991dd19062Win32/XP Pro SP3 (EN) 32-bit beep beep shellcode.
861c8d26c5ad427084a84f88767aa3d1This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
e13897802c519c03ae5164b1d2ecb919P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
aea524324828790b24a90be3bb7a0d93MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
385680c16fb7ecb345d7806a5ee31843This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then upload another mof file, which enables Windows Management Instrumentation service to execute the vbs. Please note that this module currently only works for Windows before Vista.
b01ade0319dd4987b8285b4f21c4ed2eThis Metasploit module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport() function (located in the myCIOScn.dll ActiveX component) fails to check the FileName argument, and passes it on to a ShellExecuteW() function, therefore allows any malicious attacker to execute any process that's on the local system. However, if the victim machine is connected to a remote share (or something similar), then it's also possible to execute arbitrary code. Please note that a custom template is required for the payload, because the default Metasploit template is detectable by McAfee -- any Windows binary, such as calc.exe or notepad.exe, should bypass McAfee fine.
6d817e5714e3a0c4f6a944fe9d125063The Exploit Next Generation® SQL Fingerprint tool uses well-known techniques based on several public tools capable of identifying the Microsoft SQL Server version (such as: SQLping and SQLver), but, instead of showing only the "raw version" (i.e., Microsoft SQL Version 10.00.2746), the Exploit Next Generation® SQL Fingerprint shows the mapped Microsoft SQL Server version (i.e., Microsoft SQL 2008 SP1 (CU5)).
6757930a2010359d3e06309e60bd4db4Proof of concept malicious .docm file that exploits the Microsoft Windows Assembly Execution vulnerability as described in MS12-005.
70632bf8d9461a54e125937fb11edddcHP Security Bulletin HPSBPI02698 SSRT100404 2 - A potential security vulnerability has been identified with HP Easy Printer Care Software Running on Windows. The vulnerability can be remotely exploited to write arbitrary files to the system and execute them via the browser. Revision 2 of this advisory.
16eb0b1a2393124735ff116269a6a0b7Technical Cyber Security Alert 2012-10A - There are multiple vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software. Microsoft has released updates to address these vulnerabilities.
a6c695a97f3888dea121b14c5014c6ddSecunia Security Advisory - Parvez Anwar has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
95e33f95c6bbd0cdbe812e44ec610948Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
9fa7a09cf9906abea20b77b7e66fb73cSecunia Security Advisory - A weakness has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security features.
a41182275c5ccf8efb730c1446cf7ba2Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
eb557e49c986de2d9c40271502f1ee9e
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed