ZipWrangler contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in ZipWrangler when handling .ZIP files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .ZIP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The vulnerability is caused due to a boundary error within the handling of .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in the sasatl.dll control included in the Zenturi ProgramChecker ActiveX application. The exploit is triggered when the DebugMsgLog() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This update adds support for Windows Vista. This module exploits a vulnerability in the Yahoo Messenger Webcam 8.1 ActiveX Control(ywcvwr.dll). When the Receive() method processes a long string argument, a stack based buffer overflow occurs allowing execution of arbitrary code.This exploit is triggered when an unsuspecting user is lured into visiting a malicious web-site hosted by Core Impact. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Yahoo! Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Yahoo! Player when handling .YPL files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .YPL file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in the Yahoo Music Jukebox ActiveX Control(datagrid.dll). When the AddButton() method processes a long string argument, a stack based buffer overflow occurs allowing execution of arbitrary code. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
A security vulnerability with the way XnView processes TAAC files may allow a remote unprivileged user who provides a TAAC document that is opened or previewed by a local user to execute arbitrary commands on the system with the privileges of the user running XnView. This can be exploited to cause a buffer overflow when a specially crafted file is opened or previewed. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Subscribe to Client Side