Secunia Security Advisory - Digital Security Research Group has discovered a vulnerability in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system.
a676b39bc4e5b0e6fd93e4754505782aZero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by first setting the 'Text' member of the object. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.
38179334ed74b524d84858c21e2faaf8Zero Day Initiative Advisory 12-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Render() method exposed by the ExportHTML.dll ActiveX control. This method causes a file to be written to an arbitrary path specified by the second argument (Output). The contents of the file can be controlled by manipulating the object members 'CssLocation', 'LayoutStyle' and 'EmbedCss'. The CssLocation member can be directed to a UNC path containing a file to be included in the file generated by the call to Render(). These behaviors can be exploited by an attacker to execute arbitrary code on the target system.
5b6f60a6045d953f1b2526307ef59b25Edraw Diagram Component 5 active-x buffer overflow proof of concept denial of service exploit.
5a3099601a2eb1fa3965cbeb5638f7cdSecunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in 2X ApplicationServer TuxSystem ActiveX Control, which can be exploited by malicious people to manipulate certain data.
66b36125598ff7ccef0d4ce7e66c8c54This Metasploit module exploits a vulnerability in Icona SpA C6 Messenger version 1.0.0.1. The vulnerability is in the Downloader ActiveX Control (DownloaderActiveX.ocx). The insecure control can be abused to download and execute arbitrary files in the context of the currently logged-on user.
1b0bd38a24487d48cf49672160173d79Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in LuraWave JP2 ActiveX Control, which can be exploited by malicious people to compromise a user's system.
b1e7724295055cc2d577af1e845b89b7EdrawSoft Office Viewer Component ActiveX version 5.6.5781 suffers from a buffer overflow vulnerability when parsing large amount of bytes to the FtpUploadFile member in FtpUploadFile() function, resulting memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
e540c339e50eef4b81df0e87bc189135Zero Day Initiative Advisory 12-020 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc and PrintFile functions exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by setting the 'Header' member and calling PrintFile() with the same path argument. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.
bc2a6396ce132c167f3e02fe5e0874bbZero Day Initiative Advisory 12-019 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256 byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.
d0dcbc9682d2fa02fba911b37eadea42Tracker Software pdfSaver ActiveX control (pdfxctrl.dll) version 3.60.0128 suffers from stack buffer overflow vulnerability.
c60d9b746f82351000d385b4d5a0aff2This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
e13897802c519c03ae5164b1d2ecb919This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then upload another mof file, which enables Windows Management Instrumentation service to execute the vbs. Please note that this module currently only works for Windows before Vista.
b01ade0319dd4987b8285b4f21c4ed2eThis Metasploit module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport() function (located in the myCIOScn.dll ActiveX component) fails to check the FileName argument, and passes it on to a ShellExecuteW() function, therefore allows any malicious attacker to execute any process that's on the local system. However, if the victim machine is connected to a remote share (or something similar), then it's also possible to execute arbitrary code. Please note that a custom template is required for the payload, because the default Metasploit template is detectable by McAfee -- any Windows binary, such as calc.exe or notepad.exe, should bypass McAfee fine.
6d817e5714e3a0c4f6a944fe9d125063Secunia Security Advisory - Parvez Anwar has discovered a weakness in HP PKI ActiveX control, which can be exploited by malicious people to cause a DoS (Denial of Service).
99db8fbeef1228a24bcf15baabfcf122Zero Day Initiative Advisory 12-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor ActiveX control (CLSID: {466576F3-19B6-4FF1-BD48-3E0E1BFB96E9}). By passing an overlong string to the LoadXML() method it is possible to trigger a heap corruption vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected machine under the context of the user running the Internet Explorer process.
d1f3b59832903bc0bc3be958f66f68abZero Day Initiative Advisory 12-013 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.
37c6d04112e9302eb6503a8c143322a0Secunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of the "StopModule()" method and can be exploited via a specially crafted "lModule" parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer. Successful exploitation allows execution of arbitrary code. NTR ActiveX Control version 1.1.8 is affected.
2c8a2024bca6163f58a076a2997feca7Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.
bb2fb73522f7d89a541f1a1680cf29bbSecunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system.
5715c66234cc1a6ab5e1329d36b1fbfeVUPEN Vulnerability Research Team discovered a vulnerability in Adobe Flash Player. The vulnerability is caused by an uninitialized stack variable when processing an invalid "SAlign" property of the Flash ActiveX control, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page. Versions prior to 11.1.102.55 are affected.
e073735e78894c1bef81c32816fbbfcdStack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
ac5ee43cfc0509841b6c9a26de949d06Secunia Security Advisory - Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control, which can be exploited by malicious people to compromise a user's system.
6cc43839265224a486979244ac256f6aSecunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
6617e4dcfda6c32a809c242d20e34a30Zero Day Initiative Advisory 11-318 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function LaunchProcess exposed via the LaunchHelp.dll ActiveX Control (ProgID LaunchHelp.HelpLauncher.1). The first argument to LaunchProcess is a path to a command to execute, but the argument is not sanitized and is subject to directory traversal. This can be exploited to execute arbitrary commands on the user's system.
0f118f1e9584f8acddb8f5c1771258e0
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed