Fuji Electric Monitouch is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted.v8 document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Eaton ELCSoft is prone to a heap-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .EPC document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A heap overflow in the ActiveX control nvA1Media.ocx in Advantech WebAccess allows remote attackers to execute arbitrary code via a crafted argument to the Caption method. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The specific flaw exists within the parsing of a pm3 project file. A heap-based buffer overflow vulnerability exists in a call to memcpy. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Unsafe Javascript API implementation in Nitro and Nitro Pro PDF Reader when opening specially crafted PDF files makes possible code execution leading to an agent being installed This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Buffer Overflow in Mitsubishi Electric E-Designer allows remote attackers to execute arbitrary code via crafted MPA file, leading to improper memory allocation.
Fuji Electric V Server is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .VPR document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The specific flaw exists within processing of the AddStringUserProperty method within the UCCDRAW.UCCDrawCtrl.1 ActiveX control of UCanCode E-XD Visualization Enterprise Suite. The process does not properly validate a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8) to connect to it.
This module exploits a vulnerability in Microsoft Office Word. The flaw is related in how Microsoft Word handles OleLink objects. It is possible to open a RTF file and execute arbitrary code in vulnerables installations of Microsoft Office Word. This vulnerability was originally seen being exploited in the wild starting in October 2016.
The vulnerability exists within the WdMacCtl ActiveX control This module runs a web server waiting for vulnerable clients (Internet Explorer 8) to connect to it.