The vulnerability is caused due to a boundary error when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted file of said extension.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting an invalid pointer reference in Internet Explorer.
This module exploits a double free when parsing a specially crafted .PDF file.
This module exploits a buffer overflow when parsing a specially crafted .ZIP file.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The specific flaw exists within the processing of FLN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
This module exploits a buffer overflow when parsing a specially crafted .XML file. After the file is downloaded, the user must open it from the application, clicking on the Command option in the menu bar (or right clicking in the middle window), then choosing Import Command ... and selecting the file.
The vulnerability is caused due to a boundary error in DVD X Player when handling .PLF files. This can be exploited to cause a stack-based buffer overflow via a specially crafted file of said extension from the open playlist.
The specific flaw exists within the parsing of a RSS file. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.