Client Side | Core Security

This module exploits a vulnerability in the ImageViewer2.ocx module included in the Viscom Image Viewer application. The exploit is triggered when the Image2PDF() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

This module exploits a buffer overflow vulnerability in the Image22 ActiveX Control. The exploit is triggered when the DrawIcon() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

This module exploits a vulnerability in Microsoft XML Core Services. This flaw is due to a memory corruption error in the XMLHTTP ActiveX Control when processing specially crafted arguments passed to a "setRequestHeader()" method, which is used to install an agent in the target host. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

The module starts a HTTP server in the source agent, when the victim system tries to retrieve any file, it sends a malicious HTML page that installs an agent in the victim's machine, bypassing sandbox restrictions. Taking into account the nature of this exploit, exploitation reliability depends on the browser configuration (scripting has to be enabled, by default is enabled) and other factors such as system load. This exploit needs to open some windows in the target client system, so the exploitation attempt may be noticed by a trained user. If an agent is installed, it will remain persistent and must be removed manually.

This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by instancing TLBINF32.DLL (sometimes installed as VSTLBINF.DLL) with a malicious DLL (IMPActiveX.ocx) as parameter. IMPActiveX.ocx has a helpstringdll property pointing to itself, and implements DLLGetDocumentation to install an agent.

This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by triggering a race condition in the way IE handles the call to Window function inside a javascript Onload event. When Outlook Express is used as mail user agent, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack. This exploit relies in a vulnerability that allows attackers to cause Internet Explorer to execute arbitrary code via a Javascript Onload event that calls the window() function.

Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 and Windows XP SP1 contains a vulnerability when viewing a web site using the HTTP 1.1 protocol. If the web site uses HTTP 1.1 compression and contains an overly long URL, a buffer overflow can occur. This vulnerability was introduced with the first release of the MS06-042. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability of the urlmon.dll library. When Outlook Express is used as mail user agent, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack.

This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in the "javaprxy.dll" COM object when instantiated in Internet Explorer via a specially crafted HTML tag. When Outlook Express is used as mail user agent, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack.

This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in the "devenum.dll" COM object when instantiated in Internet Explorer via a specially crafted HTML tag. When Outlook Express is used as mail user agent, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack.

This module exploits a vulnerability caused due to a boundary error when canonicalize URLs. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

Subscribe to Client Side

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum