Windows Media Encoder is prone to a vulnerability that may allow the execution of any library file named wmerrorENU.dll, if this dll is located in the same folder as a .PRX file. The attacker must entice a victim into opening a specially crafted .PRX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows Live Mail is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder as an .EML file. The attacker must entice a victim into opening a specially crafted .EML file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
The vulnerability is on IDF entry of tif/tiff image format, the Kodak Image Viewer reserves a insufficient buffer in the stack for write the entry to it. When Kodak Image Viewer opens the file, it produces a stack overflow and install an agent.
This module exploits a buffer overflow in the Microsoft Internet Explorer when calling the 'setSlice' method of the WebViewFolderIcon.WebViewFolderIcon.1 ActiveX object with the first parameter set to 0x7ffffffe. This causes an invalid memory copy and may result in arbitrary code execution and/or a loss of availability for the browser.
This module exploits a buffer overflow in the Microsoft Internet Explorer via a Stack-based buffer overflow in Microsoft Internet Explorer allowing remote attackers to execute arbitrary code via a long fill parameter within a rect tag in a Vector Markup Language (VML) file.
A remote code execution vulnerability exists in the way that Windows handles cursor, animated cursor, and icon formats. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message (MS07-017)
This module exploits a vulnerability in Winamp Player when parsing the Ultravox Streaming metadata. This module runs a web server waiting for vulnerable clients (Internet Explorer, Opera or Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Subscribe to Client Side