This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by instancing TLBINF32.DLL (sometimes installed as VSTLBINF.DLL) with a malicious DLL (IMPActiveX.ocx) as parameter. IMPActiveX.ocx has a helpstringdll property pointing to itself, and implements DLLGetDocumentation to install an agent.

This module exploits a integer overflow vulnerability in the xpdf and libpoppler software included in most linux distributions. The vulnerability is caused by a integer overflow in the predictor calculation, which causes a buffer overflow in the stack of the StreamPredictor::getNextLine() function. The exploit is triggered when an unsuspecting user opens a specially crafted file distributed via an email.
This module exploits a vulnerability caused due to a boundary error in the Microsoft Agent ActiveX control (agentdpv.dll) when handling specially crafted URLs passed as argument to a certain unspecified method. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

This module exploits a heap-based buffer overflow vulnerability in the OpenOffice software included in most linux distributions. The vulnerability is caused by the prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. The exploit is triggered when an unsuspecting user opens a specially crafted file distributed via an email.
This module exploits a vulnerability caused due to a boundary error in the wallclock functionality in SmilTimeValue::parseWallClockValue() when handling time formats. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC 0.86, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers format string and overwrites a subroutine pointer during rendering.

This module exploits an argument injection vulnerability in Mozilla Firefox, when running on systems with Microsoft Internet Explorer 7 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a FirefoxURL or FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.
Subscribe to Client Side