This module exploits a vulnerability in the wkimgsrv.dll control shipped with Microsoft Works and many Microsoft Office Suites. The exploit is triggered when the WksPictureInterface() method processes a number as argument resulting in a memory corruption. The WksPictureInterface(), in certain circumstances, points to an invalid memory address that can be controlled to gain code execution. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in Microsoft Office (.WPS files). The vulnerability is caused due to boundary errors within the processing of WPS files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a vulnerability in Microsoft Office Word (.DOC files). The vulnerability is caused due to a boundary error in winword.exe within the processing of DOC files. This can be exploited to cause a memory corruption when a specially crafted file is opened. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Microsoft Word is prone to a vulnerability that may allow execution of ehTrace.dll if this dll is located in a special named folder than .DOC file. The attacker must entice a victim into opening a specially crafted .DOC file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Subscribe to Client Side