This module exploits a vulnerability in the ntractivex118.dll module included in the NTRglobal NTR Activex Control application. The exploit is triggered when the StopModule() method processes a crafted argument resulting in a buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7 and 8 in Windows XP to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
A buffer overflow vulnerability when handling a url can be exploited via a crafted "bstrParams" parameter passed to the "Check()" method. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module allows remote attackers to place arbitrary files on a temporary folder in the AdminStudio LaunchHelp.dll ActiveX Control (LaunchHelp.dll 9.5.0.0). Code execution can be achieved by first uploading a vbs file, the vbs script request an exe file and execute it. This module runs a web server waiting for vulnerable clients (Internet Explorer 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in the ienipp.ocx control included in Novell iPrint Client v4.32 and prior. The exploit is triggered when the ExecuteRequest() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in the ienipp.ocx control included in the Novell iPrint Client application. The exploit is triggered when the Target Frame parameter processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The flaw exists within the nipplib.dll component. When handling the exposed method GetDriverSettings the application assembles a string for logging consisting of the hostname/port provided as a parameter. When building this message the process will blindly copy user supplied data into a fixed-length buffer on the stack.
A buffer overflow vulnerability in Novell iPrint within the handling of functions that take a URI as a parameter allows arbitrary command execution when a user loads a specially crafted web page. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a stack-based buffer overflow vulnerability in the Novell iPrint Client by passing an overly long 'printerUri' parameter to the GetDriverSettings method of the iPrint Client ActiveX component.
This module exploits a vulnerability in the ienipp.ocx control included in the Novell iPrint Client application. The exploit is triggered when the Date Time parameter processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a stack-based buffer overflow vulnerability in Novell iPrint Client when the vulnerable ienipp.ocx ActiveX component processes an overly long value for the 'call-back-url' parameter.