This module exploits a buffer overflow in the Microsoft Windows MPEG Layer-3 codecs when parsing a malformed .AVI file. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module runs a web server waiting for vulnerable clients (Internet Explorer with a vulnerable RDS.Dataspace ActiveX Control) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability.
This module exploits a vulnerability in Microsoft Jet Database (msjet40.dll) trough a Microsoft Access Document. The vulnerability is caused due to boundary error in msjet40.dll within the processing of MDB files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a vulnerability in Microsoft Jet Database (msjet40.dll) through a Microsoft Word document. The vulnerability is caused due to a boundary error in msjet40.dll within the processing of MDB files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0, as used by Internet Explorer, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code by enticing an unsuspecting user to visit a specially crafted web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a buffer overflow in Internet Explorer 7 when handling malformed xml data. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Use-after-free vulnerability in Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code. This module runs a web server waiting for vulnerable clients (Internet Explorer 10) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability. This exploit will only work if the target has Adobe Flash Player 10 or above installed.
Subscribe to Client Side