The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the util.printf() JavaScript function.
VLC is able to handle the subtitles automatically in a very simple way,it just checks the presence of SSA files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDVD, SSA and VPlayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code. This exploit add support for VLC 0.86e version.
DivX Player (as installed by the DivX Bundle) is reported to have boundary errors in PlaybackModule2.dll within the processing of SRT subtitles. This can be exploited to cause a stack-based buffer overflow when the victim opens a specially crafted file with an overly long subtitle line.
This module exploits a vulnerability in Microsoft Jet Database (msjet40.dll) trough a Microsoft Access Document. The vulnerability is caused due to boundary error in msjet40.dll within the processing of mdb files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened.
Orbit Downloader is vulnerable to a buffer overflow attack, which can be exploited by malicious remote attackers to execute arbitrary code. The vulnerability is due to Orbit not properly converting an URL ASCII string to UNICODE. This can be exploited to execute arbitrary code by downloading a file from a specially crafted URL.
This module exploits a heap-based buffer overflow in the rmoc3260.dll ActiveX Control included in Real Player 11.
An integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .BMP, .CUR, .ICO or .ANI file with a large image size field.
You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail to exploit this vulnerability by open it with Outlook or Outlook Express.
When the victim reads the HTML message a .ANI file is requested to the exploit's web server. If the system is vulnerable an agent is installed exploiting a buffer overflow in the function that parses such file.
You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail to exploit this vulnerability by open it with Outlook or Outlook Express.
When the victim reads the HTML message a .ANI file is requested to the exploit's web server. If the system is vulnerable an agent is installed exploiting a buffer overflow in the function that parses such file.
This module exploits a stack-based buffer overflow in GDI in Microsoft Windows, allowing remote attackers to execute arbitrary code via a specially crafted EMF image file.
WARNING: This is an early release module.
WARNING: This is an early release module.
This module exploits a vulnerability in Microsoft Office (.PPT files). The vulnerability is caused due to a boundary error in mso.dll within the processing of PPT files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened.
This module exploits a vulnerability in Microsoft Excel 2003 SP2 and earlier when parsing a malformed xls file.