This module exploits a heap based buffer overflow vulnerability in Mozilla Firefox via a WOFF font file embedded in a HTML. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a buffer overflow in Mozilla Firefox when parsing a malformed UTF-8 encoded URL. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a remote code injection in Mozilla Firefox by using vulnerabilities CVE-2013-0758 and CVE-2013-0757. This module runs a web server waiting for vulnerable clients (Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits an use after free in Mozilla Firefox when manipulating an mChannel Element. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a memory corruption vulnerability. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This module runs a web server waiting for vulnerable clients (Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability is caused due to a boundary error in MoviePlay when handling .LST files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .LST file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits an improper bound checking in MoreAmp when importing a MAF (song list) file. This causes a stack based overflow and allows code execution on the targeted system with the privileges of the user which is running the application. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This exploit takes advantage of a vulnerability that allows attackers to cause mIRC to execute arbitrary code via a malformed IRC PWD response.
The vulnerability is caused due to a boundary error in Mini-Stream Ripper when handling M3U files with overly long lines. This can be exploited to cause a stack-based buffer overflow via a specially crafted M3U file.. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Millennium MP3 Studio contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Millennium MP3 Studio when handling .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.