This module exploits a buffer overflow on Microsoft Windows Movie Maker when parsing a malformed .MSWMM file.
Windows Movie Maker is prone to a vulnerability that may allow the execution of any library file named rsaenh.dll, if this dll is located in the same folder as a .MSWMM file. The attacker must entice a victim into opening a specially crafted .MSWMM file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows Meeting Space is prone to a vulnerability that may allow the execution of any library file named wab32res.dll, if this dll is located in the same folder as a .WCINV file. The attacker must entice a victim into opening a specially crafted .WCINV file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a heap overflow in Windows Media Player (winmm.dll) when handling a specially crafted .MID file. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a memory corruption in Windows Media Player when parsing a malformed DVR-MS file.
Windows Media Player is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .ASF file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a stack-based buffer overflow in the wmex.dll ActiveX Control included in Microsoft Windows Media Encoder 9. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a memory corruption in Windows Media Runtime in wmspdmod.dll, when handling the sample rate for a Windows Media Voice frame. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Microsoft Windows Mail is prone to a vulnerability that may allow execution of wab32res.dll if this dll is located in the same folder than .NWS file. The attacker must entice a victim into opening a specially crafted .NWS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. The attacker must entice a victim into viewing a specially crafted shortcut. The shortcut file and the associated binary may be delivered to a user through removable drives, over network shares or remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.