Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. This vulnerability is currently being exploited in the wild.



This update adds support for Windows Vista and Windows Seven to the WebDAV module.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

Power Tab Editor is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data when handling .PTB files.

Argument injection vulnerability in the URI handler in Java Deployment Toolkit allows remote attackers to execute arbitrary code via the -J argument to javaws.exe, which is processed by the launch method.



This update adds support for Windows Vista and Windows 7.

Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. This vulnerability is currently being exploited in the wild.



This update adds WebDAV support, which makes possible for the exploit to work as a drive-by attack, allowing to compromise machines by enticing the victims into visiting a website.

Stack-based buffer overflow in Microsoft Office Excel allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record.

Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. This vulnerability is currently being exploited in the wild.



This update provides two modules: one of them can be used to exploit this vulnerability via an USB drive, and the other one provides a typical IMPACT client-side attack via email.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits an improper bound checking in MoreAmp when importing a MAF (song list) file. This causes a stack based overflow and allows code execution on the targeted system with the privileges of the user which is running the application.

This module exploits a heap-based buffer overflow in the Microsoft Windows Movie Maker application by sending a specially crafted .MSWMM file.

This update adds support for Windows Movie Maker 2.6.

This module exploits a vulnerability in Microsoft Office Outlook when verifying attachments that are attached using the ATTACH_BY_REFERENCE value of the PR_ATTACH_METHOD property in a specially crafted e-mail message.

WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs

or have limited functionality and may not have complete or accurate documentation.

This module exploits a vulnerability in Kingsoft Writer by using a crafted

.doc file which causes a stack-based buffer overflow which allows

arbitrary code execution on the targeted system.