Google Earth is prone to a vulnerability that may allow execution of quserex.dll if this DLL is located in the same folder as the .KMZ file. The attacker must entice a victim into opening a specially crafted .KMZ file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
The vulnerability is caused due to a boundary error within the handling of a .ASX file with a long URI in the "ref href" tag. This can be exploited to cause a stack-based buffer overflow via a specially crafted .ASX file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in the GomWeb3.dll control included in the GoM Player ActiveX application. The exploit is triggered when the OpenURL() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
CuteZIP is prone to a stack-based buffer overflow when opening specially crafted ZIP files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a buffer overflow vulnerability in the Ghostscript software included in most Linux distributions. The vulnerability is caused by a buffer overflow in the ICC parser at the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier. The exploit is triggered when an unsuspecting user opens a specially crafted file distributed via e-mail.
GE Proficy Historian is prone to a code execution vulnerability in the KeyScript ActiveX control from keyhelp.ocx. The LaunchTriPane function uses the -decompile option and can be abused to write arbitrary files on the remote system. The attacker must entice a victim into browsing a specially crafted web page. The LaunchTriPane ActiveX method requests crafted CHM files and writes the embedded binaries to a controlled location; these files may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
GetRight is prone to a vulnerability that may allow the execution of any library file named SvcTagLib.dll if this DLL is located in the same folder as a .GRX file. The attacker must entice a victim into opening a specially crafted .GRX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module runs a web server waiting for vulnerable clients (Internet Explorer, Outlook) to connect to it. When a client connects, it will try to install an agent by sending a specially crafted JPEG file which exploits the GDI JPEG vulnerability. You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail that exploits this vulnerability if the client uses Outlook Express to read their mail.