This Metasploit module exploits a vulnerability in OpenOffice 2.3.1 and 2.3.0 on Microsoft Windows XP SP3. By supplying a OLE file with a malformed DocumentSummaryInformation stream, an attacker can gain control of the execution flow, which results arbitrary code execution under the context of the user.
c768b9282de90ed20180d7ae12452941Novell Client version 4.91 SP3/4 privilege escalation exploit for Win2K3 and WinXP.
e59e74f4b1cab13f13403229646f8b01This proof of concept code demonstrates a Microsoft Windows XP keyboard layouts pool corruption vulnerability, post MS12-034. The vulnerability exists in the function win32k!ReadLayoutFile() that parses keyboard layout file data.
34eea03ff3e3df7878c5cf5571892884Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.
c437473b3959e9b762550efe55331b27Microsoft Windows XP Win32k.sys local kernel denial of service exploit.
15bb2fb0c8febb7fb470ee9b29096508This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.
ebd008dd8851adbc04a4fd4966eddd59This Metasploit module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.
3aae8f1a871387793558f0a991da878clibdvdcss is a cross-platform library for transparent DVD device access with on-the-fly CSS decryption. It currently runs under Linux, FreeBSD, NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win95/Win98, Win2k/WinXP, MacOS X, HP-UX, QNX, and OS/2. It is used by libdvdread and most DVD players such as VLC because of its portability and because, unlike similar libraries, it does not require your DVD drive to be region locked.
048134d398b4372a21ae304b9a9fa70bThis Metasploit module exploits a vulnerability in the bad nesting with SVG tags. Successfully exploiting leads to remote code execution or denial of service condition under Windows XP SP3 (DEP = off).
168bd8d866cf701a6d946c4c4542c114This Metasploit module exploits a buffer overflow in ACDSee FotoSlate 4.0 Build 146 via a specially crafted id parameter in a String element. When viewing a malicious PLP file with the ACDSee FotoSlate product, a remote attacker could overflow a buffer and execute arbitrary code. This exploit has been tested on systems such as Windows XP SP3, Windows Vista, and Windows 7.
dc97219886104e2e0f19efe547d104d7This Metasploit module exploits a vulnerability in the nesting of frameset and iframe tags as implemented within Opera Browser. A memory corruption is triggered and some pointers got corrupted with invalid addresses. Successfully exploiting leads to remote code execution or denial of service condition under Windows XP SP3 (DEP = off).
2e1e6745572f345c12fa0458940bb066This Metasploit module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute arbitrary code running in the context of the web browser via a .QCP file with a specially crafted "fmt" chunk. At this moment this module exploits the flaw on Windows XP IE6, IE7.
6fd55d2d1f45a9927dfae4e3fc454d59This Metasploit module exploits a stack-based buffer overflow on DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds checking, which causes a buffer overflow, and results arbitrary code execution under the context of the user. This Metasploit module has been designed to target common Windows systems such as: Windows XP SP2/SP3, Windows Vista, and Windows 7.
8d32c2e58191795b07f93bda0d49f7d6This Metasploit module exploits an use after free vulnerability in Mozilla Firefox 3.6.16. An OBJECT Element mChannel can be freed via the OnChannelRedirect method of the nsIChannelEventSink Interface. mChannel becomes a dangling pointer and can be reused when setting the OBJECTs data attribute. This Metasploit module uses heapspray with a minimal ROP chain to bypass DEP on Windows XP SP3.
226da513f467beff325d11b4a252d257This Metasploit module exploits an use after free vulnerability in Mozilla Firefox 3.6.16. An OBJECT Element mChannel can be freed via the OnChannelRedirect method of the nsIChannelEventSink Interface. mChannel becomes a dangling pointer and can be reused when setting the OBJECTs data attribute. This Metasploit module uses heapspray with a minimal ROP chain to bypass DEP on Windows XP SP3.
7ab6775d994afb4873ee9d2b8f923e5bWhitepaper called Defeating Data Execution Prevention and ASLR in Windows XP SP3. Data prevention Execution (DEP) and Address space layout randomization (ASLR) are two protection mechanisms integrated in Windows operating system to make more complicated the task of exploiting software. This document show how these two features can be bypassed using different techniques.
a67067e8e0dae7f182a786213b30aed6This Metasploit module exploits a directory traversal and remote code execution flaw in EMC HomeBase Server 6.3.0. Note: This Metasploit module has only been tested against Windows XP SP3 and Windows 2003 SP2.
665a99f652864b621a656a91306656afMicrosoft Windows XP 64-bit calc.exe shellcode.
a6f38837e7d66ed3eabdf712af451a4bThis paper offers incremental research in the area of untrusted program input via synchronization handle manipulations. Unlike the Michal Zalewski paper on Delivering Signals for Fun and Profit, this paper focuses on the source of the Unix signal handlers. Tested were personal computers running Windows XP and Vista. The synchronization objects were mutexes and events, and the security software included products from AVG, Avast, Avira, BitDefender, BullGuard, CheckPoint, Eset, F-Prot, F-Secure, Kaspersky, McAfee, Microsoft (Security Essentials), Nor- man, Norton, Panda, PC Tools, Quick Heal, Symantec, and Trend Micro.
aac70063c0f24b89db81d54e930d2879The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on a vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.
92cd55b8fe079cfffb6a7e5cdceb2fb133 bytes small Win32 egg searching shellcode that should work on all service packs of Microsoft Windows XP, 2k, and 2k3.
a9524dd50a13031010fe4e9dca0ee7f8Proof of concept exploit that demonstrates the Microsoft Windows XP WmiTraceMessageVa integer truncation vulnerability as described in MS11-011.
a030ca0f85ab41754f7bdf439317b6fbSolar FTP Server version 2.1 buffer overflow exploit. Tested on Windows XP SP3 EN.
3d208623c223d4f64aca11cffe9f5060228 bytes small Microsoft Windows XP SP3 EN null-free connect-back shellcode.
2e088e5ff54e3ed964db40cd7b87d36316 bytes small Windows XP SP3 EN calc.exe shellcode.
c0f377daad020f4520463946b53a5002
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed