A stack-based buffer overflow in UltraISO allows an attacker to execute arbitrary code via crafted .CCD and .IMG file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
TweakFS Zip contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in TweakFS Zip when handling .ZIP files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .ZIP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
TuneUp Utilities is prone to a vulnerability that may allow execution of wscapi.dll if this dll is located in the same folder than a .TVS file. The attacker must entice a victim into opening a specially crafted .TVS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
TUGZip is vulnerable to a stack buffer overflow due to improper parsing of the filename parameter within zip file if an overly long filename is provided. The exploit is triggered when the user opens the malicious ZIP file using from the windows explorer or from the main interface of the program. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by opening the file.
Triologic Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Triologic Player when handling misleading m3u files. This situation leads to a buffer overflow and allows an attacker to overwrite an SEH Pointer and get control of execution. This is an UNICODE overflow so special shellcode must be considered. This vulnerability can be exploited via a specially crafted .m3u file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in the UfPBCtrl.dll control included in the Trend Micro Internet Security Pro 2010 ActiveX application. The exploit is triggered when the extSetOwner() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Total Video Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Total Video Player when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Subscribe to Client Side