The vulnerability is caused due to a boundary error in Audio Converter when handling .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. The exploit is triggered when the user opens a file with the menu File->Add File. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
AudioCoder contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in AudioCoder when handling .m3u files beginning with http://, when the application tries to obtain a stream from an url. This can be exploited to cause a stack-based buffer overflow via a specially crafted .m3u file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
AtomixMP3 contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in AtomixMP3 when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The ExceptionDelegator component of the XWork framework, part of the Apache Struts 2 web framework, as shipped with Atlassian FishEye, interprets parameters values as OGNL expressions when handling a type conversion error. This can be exploited to execute arbitrary code on the vulnerable server by tricking a logged-in user with administrator privileges within the FishEye site to visit a specially crafted web page.
ASUS Net4Switch is prone to an overflow condition related to the ActiveX component ipswcom.dll. The CxDbgPrint()function (cxcmrt.dll) fails to properly sanitize user-supplied input resulting in a buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability is caused due to a boundary error in AstonSoft DeepBurner when handling the path included in .DBR files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .DBR file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Subscribe to Client Side