Phoenix Project Manager is prone to a vulnerability that may allow the execution of any library file named wbtrv32.dll, if this dll is located in the same folder as a .PPX file.

The attacker must entice a victim into opening a specially crafted .PPX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

This module exploits a memory corruption in Windows Media Player when parsing a malformed DVR-MS file.

WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs

or have limited functionality and may not have complete or accurate documentation.

Microsoft Remote Desktop is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder as an .RDP file.

WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a vulnerability in CSDWebInstaller.ocx included on Cisco Secure Desktop. The vulnerability is triggered when the ActiveX control verifies the signing authority names in the certificate chain but fails to properly verify the digital signature of an executable file that is downloaded and then executed.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The vulnerability is caused due to a boundary error in MoviePlay when handling .LST files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .LST file.

This module runs a malicious web server on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

This module exploits a vulnerability in the officeviewer.ocx control included in the Edraw Office Viewer Component ActiveX application. The exploit is triggered when the HttpPost() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

In error.php, PhpMyAdmin permits users to insert text and restricted tags (like BBCode). With the tag [a@url@page]Click Me[/a] you can insert your own page, and redirect all users to that page. This can be used to direct users to a page hosting an OS agent.

Media Player Classic is prone to a vulnerability that may allow execution of iacenc.dll if this dll is located in the same folder than .FLV file. The attacker must entice a victim into opening a specially crafted .FLV file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

This module exploits an arbitrary file download vulnerability in the RecordingManager Control included in RealPlayer SP.

Pixia is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder as a .PXA file.

The attacker must entice a victim into opening a specially crafted .PXA file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.