Client Side | Core Security

The vulnerability is caused due to a boundary error within the Formats plug-in (Formats.dll) when handling IFF files. This can be exploited to cause a stack-based buffer overflow via a specially crafted IFF file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

IRAI AUTOMGEN SCADA is prone to a vulnerability that may allow execution of mfc71enu if this dll is located in the same folder than .AGN file. The attacker must entice a victim into opening a specially crafted .AGN file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

This module exploits a vulnerability caused due to boundary errors in IntelliTamper within the processing of HTML files when the program scans a site. IntelliTamper fails to check in the image tag on supplied data, allowing an attacker to cause a stack overflow in order to execute arbitrary code.

IntegraXor is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder as a .IGX file. The attacker must entice a victim into opening a specially crafted .IGX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by instancing ISUSWEB.DLL and calling the DownloadAndExecute() insecure method.

InduSoft Web Studio SCADA is prone to a vulnerability that may allow execution of REVERB1 if this dll is located in the same folder than .APP file. The attacker must entice a victim into opening a specially crafted .APP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

This module exploits a vulnerability in the ISSymbol.ocx control included in the InduSoft Web Studio ActiveX application. The exploit is triggered when the OpenScreen() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.

This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the Incredimail IMMenuShellExt ActiveX control vulnerability.

ImgBurn is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder as a .CUE file. The attacker must entice a victim into opening a specially crafted .CUE file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

This module exploits a vulnerability in the ImageViewer2.ocx module included in the Viscom Image Viewer application. The exploit is triggered when the TifMergeMultiFiles() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

Subscribe to Client Side

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum