The specific flaw exists within the Borland Silk Central TeeChart ActiveX control. The control suffers from an untrusted pointer dereference vulnerability because it blindly calls an attacker-supplied memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8 or 9) to connect to it.

This module abuses the scripting functionality in Blender to trigger remote code execution via a specially crafted file.

The vulnerability is caused due to a boundary error in BlazeHDTV when handling Playlist files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PLF file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

The vulnerability is caused due to a boundary error in BlazeDVD when handling Playlist files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PLF file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

The vulnerability is caused due to a boundary error in the processing of .TORRENT files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a .TORRENT file containing an overly long Created By field. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

Bentley Microstation is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .HLN file. The attacker must entice a victim into opening a specially crafted .HLN file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

This module exploits a vulnerability in the BarcodeWiz.dll module included in the Barcodewiz application. The exploit is triggered when the LoadProperties() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

This module exploits a vulnerability in the mps.dll control included in the BaoFeng Storm media player. The exploit is triggered when the OnBeforeVideoDownload() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

Awakening's Winds3D Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website.

This module exploits a buffer overflow in Aviosoft DTV Player which allows attackers to execute arbitrary code via a crafted .plf (aka playlist) file.