This module exploits a stack-based buffer overflow vulnerability in WordPad when handling a specially crafted Word97 file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
Microsoft Windows is prone to a vulnerability that may allow the execution of an arbitrary attacker-specified executable file, if this file is located in the same folder as a .THEME file. The attacker must entice a victim into opening a specially crafted .THEME file and then either going to the Screen Saver tab, or clicking Apply and waiting the default number of minutes without interaction while Display Properties remains open. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows Shell Briefcase is prone to an integer overflow when accessing a crafted briefcase over WebDAV, allowing remote users to execute arbitrary code.
Microsoft Remote Desktop is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder as an .RDP file. The attacker must entice a victim into opening a specially crafted .RDP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Microsoft Windows does not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object within a file.
The OLE packager component (packager.dll) of Microsoft Windows will automatically download remote files referenced in embedded OLE objects within Office documents. In the case of .INF installer files, packager.dll will automatically run them without prompting the user. This can be abused to gain arbitrary code execution by creating an Office document with an embedded OLE object containing a reference to a remote INF file with specially crafted commands. This vulnerability can be exploited by convincing an unsuspecting user to open a specially crafted PowerPoint document.
This module exploits an integer overflow vulnerability in the OleAut32.dll OLE component of Microsoft Windows when redimensioning an array with a specially crafted size value. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
A remote code execution vulnerability exists in the way that Windows registers and uses the Windows Object Packager that may allow the execution of any executable file named packager.exe, if this executable is located in the same folder as a .PPSX file. The attacker must entice a victim into opening a specially crafted .PPSX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a stack-based buffer overflow in the MSCOMCTL.OCX control by sending a specially crafted .RTF file. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a stack-based buffer overflow in the msvidctl.dll ActiveX Control included in Microsoft Windows DirectShow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.