This module exploits a stack buffer overflow in Wireshark when opening a crafted .PCAP file, resulting in arbitrary code execution. This module bypasses DEP using ROP techniques. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability to make Wireshark run an arbitrary Lua script using a method similar to DLL hijacking when opening a .PCAP file. The attacker must entice a victim into opening a .PCAP file. This file and the associated Lua script may be delivered to a user through remote WebDAV shares.
Wireshark is prone to a vulnerability that may allow execution of airpcap.dll if this DLL is located in the same folder as the .PCAP file. The attacker must entice a victim into opening a specially crafted .PCAP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the WinZip FileView ActiveX control vulnerability.
The ATT Windows VNC client ships with a remotely exploitable buffer overflow. By providing a specially crafted response, a malicious server has the ability to obtain access to the client machine and execute arbitrary commands as the user running the client software.
The file names shown in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the Local File Header. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The vulnerability is caused due to boundary errors in lzh.fmt within the processing of LHA archives. This can be exploited to cause a stack-based buffer overflow when a specially crafted file with an overly long filename is opened.
This module exploits a vulnerability located in the parameter parser of the Microsoft Windows WinHLP facility. This facility is used by the Microsoft Internet Explorer web browser.
WinHex is prone to a vulnerability that may allow the execution of any library file named hash.dll, if this dll is located in the same folder as a .WHX file. The attacker must entice a victim into opening a specially crafted .WHX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.