This module exploits a vulnerability in Winamp Player when parsing the Ultravox Streaming metadata. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size. This update improves the reliability of the exploit.
This module exploits a stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll of Microsoft DirectX.
VLC is able to handle the subtitles automatically in a very simple way, it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code.
Added support for Windows Vista, 2003 and 2000.
Added support for Windows Vista, 2003 and 2000.
VLC is able to handle the subtitles automatically in a very simple way, it just checks the presence of ssa files with the same name of the loaded video and a possible subtitles folder. The functions which handle the MicroDvd, SSA and Vplayer subtitle formats are vulnerable to some stack based buffer-overflow vulnerabilities which can allow an attacker to execute malicious code.
This module runs a server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in Apple QuickTime, which allows unauthenticated attackers to execute arbitrary code or cause a denial of service condition.
This update adds Mac Intel support.
This update adds Mac Intel support.
-Fixes an error with Excel's filename.
-Includes a minor change in the parser of the From field so that it be more flexible when checking it.
-Includes a minor change in the parser of the From field so that it be more flexible when checking it.
This module tries to attack VLC Media Player by sending a crafted OGG file that triggers a format string and overwrites a subroutine pointer during rendering.
This update adds support for linux.
This update adds support for linux.
This update fixes errors and improves the reliability of the following exploits:
-Adobe PDF URI Handler Exploit
-QuickTime RTSP URL exploit
-QuickTime RTSP Content-Type exploit
-Adobe PDF URI Handler Exploit
-QuickTime RTSP URL exploit
-QuickTime RTSP Content-Type exploit
This module exploits a vulnerability in the lotus 1-2-3 file processor implemented as a third party component inside the Lotus Notes mail reader.