This module exploits a vulnerability in the NCTAudioFile2.AudioFile ActiveX Control (NCTAudioFile2.dll) used by various multimedia applications. The exploit is triggered when a long string argument is processed by the SetFormatLikeSample() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

This module exploits a XSRF vulnerability in Nagios which allows CORE Core Impact to perform remote command injection impersonating an administrator. This module runs a web server waiting for a Nagios administrator to connect to it. When the client connects, it will perform a Cross Site Request Forgery and try to install an agent on the Nagios server by using a command injection vulnerability.

Music Animation Machine MIDI Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in MAM Player when handling misleading MIDI files. This situation leads to a buffer overflow and allows an attacker to overwrite an SEH Pointer and get control of execution. This vulnerability can be exploited via a specially crafted .mamx file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

The vulnerability is caused due to a boundary error in MUSE when handling .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

An error in the handling of packed objects in a Visio file can be exploited to corrupt memory via a specially crafted Visio file. This module will generate a specially crafted file within a zip archive and sent it through email or make it available to download from Core Impact's Web Server.

The vulnerability is caused due to boundary errors in PUBCONV.DLL within the processing of older version PUB files. This can be exploited to cause a two stage pointer overwrite when a specially crafted file is opened. This module will generate a specially crafted file within a zip archive and sent it through email or make it available to download from Core Impact's Web Server.

This module exploits a stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll of Microsoft DirectX. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

This module exploits a vulnerability in MPlayer. The vulnerability is caused due to boundary error in MPlayer.EXE within the processing of MOV archives. This can be exploited to cause an arbitrary memory corruption when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This Exploit doesn't work with Internet Explorer.

This module exploits a vulnerability in MPlayer. A stack-based buffer overflow in the sub_read_line_sami function in MPlayer SVN Versions before 33471 and SMPlayer 0.6.9 and older versions allows remote attackers to execute arbitrary code via a SAMI subtitle file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

Mozilla Thunderbird is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder than .EML file. The attacker must entice a victim into opening a specially crafted .EML file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.