This module runs a web server waiting for vulnerable clients (Firefox/Opera) to connect to it. When the client connects, it will try to install an agent by triggering a Windows Media Player vulnerability. When the EMBED tag is used to embed the Media Player plugin, the plugin doesn't properly check the src parameter. This condition can be leveraged to take control of the instruction pointer.
The vulnerability is caused by a boundary error in MediaCoder when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The vulnerability is caused by a boundary error in MediaCoder when handling .LST files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .LST file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in McAfee Virtual Technician MVTControl, which can be abused by using the GetObject() function to load unsafe classes, therefore allowing remote code execution under the context of the user. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a buffer overflow vulnerability in the McAfee Subscription Manager (MCSUBMGR.DLL) ActiveX control. The exploit is triggered when the IsOldAppInstalled() method processes an overly long string argument, allowing remote attackers to execute arbitrary code. This client-side exploit is dependent on a user visiting a malicious website hosted by Core Impact to distribute the exploit and install an agent. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in SiteManager ActiveX Control (sitemanager.dll). When the ExportSiteList() method processes a long string argument, a stack-based buffer overflow occurs. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Maya Studio EO Video contains a buffer prone to exploitation via an overly long string. The vulnerability is caused by a boundary error when handling .EOP files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a buffer overflow vulnerability in Lotus Notes 8.0 when parsing a malformed, specially crafted WPD (WordPerfect Document) file.
This module exploits a buffer overflow vulnerability in Lotus Notes 8.5 when parsing a malformed, specially crafted WK3 (Lotus 1-2-3 spreadsheet document) file.
The buffer overflow occurs within lasr.dll when parsing an AMI Pro document (.sam) file. In several places within the DLL, the unsafe "lstrcpy()" function is used to copy each line read from the file into fixed-size stack and heap buffers. There are no length checks before performing the string copy operation. Hence, it is possible to create an AMI Pro file that contains overly long lines that will trigger the buffer overflow when viewed within Lotus Notes.