This vulnerability is a buffer overflow and allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver without authentication.



The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack buffer ovreflow.

This module exploits two vulnerabilities in HP SiteScope to gain remote code execution. The first vulnerability is an authentication bypass in the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service to grab the administrator credentials from the server running HP SiteScope. The second vulnerability is a directory traversal in the UploadFileHandler url that allows to upload files to the server into a directory that allows for scripting.

This update only adds CVE number.

A buffer overflow vulnerability in crs.exe when handling requests with opcode 211.

Corel Paint Shop Pro is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .JPG file.

This module exploits a Use-After-Free vulnerability in Adobe Reader when handling a specially crafted PDF file.



This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This updates improves the reliability of Microsoft Internet Explorer Tabular Data Control ActiveX Exploit.

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 holds a memory corruption vulnerability that allows the bypassing of "dataOffsets[]" boundary checks. This module exploits such vulnerability allowing for remote code execution.

An error in the way the GetSanitizedParametersFromNonQuotedCmdLine() function in the Internet Explorer broker process handles command-line arguments when trying to launch a program can be exploited to escape from the Internet Explorer Protected Mode sandbox.

This module allows an agent running in the context of iexplore.exe with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level.

This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters.

This module exploits a vulnerability in Mac OS X Samba server.

When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow.



This update adds support to Mac OSX 10.6.0 to 10.6.7 ( Server and not server versions ).

Besides, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all Mac OSX supported versions.